If you believe you have discovered a security issue within a Directus product or service, please reach out to us directly over email: security@directus.io. We will then open a GitHub Security Advisory for tracking the fix.

Directus values the members of the independent security research community who find security vulnerabilities and work with our team so that proper fixes can be issued to users. Our policy is to credit all researchers in the fix's release notes. In order to receive credit, security researchers must follow responsible disclosure practices, including:

• They do not publish the vulnerability prior to the Directus team releasing a fix for it
• They do not divulge exact details of the issue, for example, through exploits or proof-of-concepts