CMS
directus/directus
The flexible backend for all your projects 🐰 Turn your DB into a headless CMS, admin panels, or apps with a custom UI, instant APIs, auth & more.
#api #cms #graphql #app #database #vue #sqlite #mysql #postgresql #mssql #directus #node #headless-cms #no-code #typescript #javascript #data-visualization #sql #composable #mariadb
Score
80
/ 100
Star
35,711
Fork
4,758
Open Issue
344
Size
432MB
Language
TypeScript ★
Last push
0 days ago
Docker
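🐳 Both ★
Score breakdown
Past CVEs: 20 (somewhat many)
✓ Recent push: 0 days ago
✓ Preferred language (TypeScript)
✓ Open issues: 344
✓ Large (432MB)
— Docker support (Dockerfile + compose)
✓ 10k–50k: intermediate (★35,711)
— ※ See "Scoring rules" for the weight of each item. The total bottoms out at 0.
Past SecurityAdvisory (20 entries)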
- Authenticated Users Can Extract Concealed Fields via Aggregate Queries
- GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Complexity Limits
- Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver
- Sensitive fields exposed in revision history
- TUS Upload Authorization Bypass Allows Arbitrary File Overwrite
- SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import
- GraphQL Schema SDL Disclosure Setting
- Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
- Open Redirect in Admin 2FA Setup Page
- Broken Access Control in File Management API
- Missing Cross-Origin Opener Policy
- User Enumeration via Password Reset Timing Attack
- Open redirect in SAML
- Information Leakage: Existing Collections
- Conceal fields are searchable if read permissions enabled
- Store XSS
- Improper Permission Handling on Deleted Fields in Directus
- Unauthenticated file upload and file modification due to lacking input sanitization
- Missing permission checks for manual trigger Flows
- Directus version number disclosure