OsVault/npm/tinacms
npm

tinacms

10 known vulnerabilities · 0 critical · 4 high

CVE-2025-68278

tinacms is vulnerable to arbitrary code execution

Published Dec 18, 2025
CVE-2026-28791

Tina: Path Traversal in Media Upload Handle

Published Mar 12, 2026
CVE-2026-24125

@tinacms/graphql has a Path Traversal issue

Published Mar 12, 2026
CVE-2026-28793

TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Published Mar 12, 2026
CVE-2026-28792

TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Published Mar 12, 2026
CVE-2026-34604HIGH
Risk: 35.52/100

@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

Published Apr 1, 2026
CVE-2023-25164HIGH

Sensitive Information leak via Script File in TinaCMS

Published Feb 8, 2023
CVE-2026-29066

TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction

Published Mar 12, 2026
CVE-2026-33949HIGH
Risk: 40.54/100

@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Published Mar 30, 2026
CVE-2026-34603HIGH
Risk: 35.52/100

@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Published Apr 1, 2026
Check your entire dependency tree at onceRun dependency scan →