Tinacms Tinacms

7 CVEs affecting Tinacms Tinacms. Latest disclosed: 2026-04-01. Critical: 0, High: 6.

Top CVEs affecting Tinacms Tinacms
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-25164 | High | 8.6 | 2023-02-08 | Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store… |
| CVE-2026-33949 | High | 8.1 | 2026-04-01 | Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write… |
| CVE-2024-45391 | High | 7.5 | 2024-09-03 | Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search to… |
| CVE-2026-28791 | High | 7.4 | 2026-03-12 | Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. T… |
| CVE-2026-34603 | High | 7.1 | 2026-04-01 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but th… |
| CVE-2026-34604 | High | 7.1 | 2026-04-01 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That bloc… |
| CVE-2025-68278 | | | 2025-12-18 | Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers tha… |