@directus/api

Direct Vulnerabilities

Known vulnerabilities in the @directus/api package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Information Exposure	<33.0.0
M Open Redirect	<32.2.0
M Access Control Bypass	<32.0.2
M Information Exposure	<32.0.0
H Insertion of Sensitive Information Into Sent Data	<32.0.0
C External Control of File Name or Path	<28.0.3
M Improper Authorization	<28.0.0
M Exposure of Sensitive System Information to an Unauthorized Control Sphere	<28.0.0
M Improper Removal of Sensitive Information Before Storage or Transfer	<28.0.0
M Insertion of Sensitive Information into Log File	>=27.0.0 <28.0.0
H Uninitialized Memory Exposure	<25.0.0
M Operation on a Resource after Expiration or Release	>=18.0.0 <25.0.0
M Information Exposure	<25.0.0
M Allocation of Resources Without Limits or Throttling	<25.0.0
M Allocation of Resources Without Limits or Throttling	<25.0.0
M Incorrect Authorization	>=22.0.0 <23.1.0
M Improper Privilege Management	<23.1.1
H Information Exposure	>=22.2.0 <23.2.0
M Insertion of Sensitive Information into Log File	<21.0.0
M Server-side Request Forgery (SSRF)	<21.0.0>=22.0.0 <22.1.1
M Session Fixation	<21.0.1>=22.0.0 <22.2.0

Vulnerability

Vulnerable Version

Information Exposure

<33.0.0

Open Redirect

<32.2.0

Access Control Bypass

<32.0.2

Information Exposure

<32.0.0

Insertion of Sensitive Information Into Sent Data

<32.0.0

External Control of File Name or Path

<28.0.3

Improper Authorization

<28.0.0

Exposure of Sensitive System Information to an Unauthorized Control Sphere

<28.0.0

Improper Removal of Sensitive Information Before Storage or Transfer

<28.0.0

Insertion of Sensitive Information into Log File

>=27.0.0 <28.0.0

Uninitialized Memory Exposure

<25.0.0

Operation on a Resource after Expiration or Release

>=18.0.0 <25.0.0

Information Exposure

<25.0.0

Allocation of Resources Without Limits or Throttling

<25.0.0

Allocation of Resources Without Limits or Throttling

<25.0.0

Incorrect Authorization

>=22.0.0 <23.1.0

Improper Privilege Management

<23.1.1

Information Exposure

>=22.2.0 <23.2.0

Insertion of Sensitive Information into Log File

<21.0.0

Server-side Request Forgery (SSRF)

<21.0.0>=22.0.0 <22.1.1

Session Fixation

<21.0.1>=22.0.0 <22.2.0

Package versions

113 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
36.0.2	12 Jun, 2026	0 C 0 H 0 M 0 L
36.0.1	11 Jun, 2026	0 C 0 H 0 M 0 L
36.0.0	10 Jun, 2026	0 C 0 H 0 M 0 L
36.0.0-rc.1	5 Jun, 2026	0 C 0 H 0 M 0 L
36.0.0-rc.0	29 May, 2026	0 C 0 H 0 M 0 L
35.2.0	30 Apr, 2026	0 C 0 H 0 M 0 L
35.1.0	15 Apr, 2026	0 C 0 H 0 M 0 L
35.0.2	6 Apr, 2026	0 C 0 H 0 M 0 L
35.0.1	30 Mar, 2026	0 C 0 H 0 M 0 L
35.0.0	24 Mar, 2026	0 C 0 H 0 M 0 L