@tinacms/cli

This hub aggregates every CVE we track for @tinacms/cli, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH5MEDIUM1CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 7 most recently published vulnerabilities affecting @tinacms/cli.

CVE-2026-34603@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions7.1Apr 1, 2026
CVE-2026-29066Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI6.2Mar 12, 2026
CVE-2026-28791Path Traversal in Media Upload Handle in Tina7.4Mar 12, 2026
CVE-2026-28793Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS8.4Mar 12, 2026
CVE-2026-28792Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS9.6Mar 12, 2026
CVE-2024-45391Tina search token leak via lock file in TinaCMS7.5Sep 3, 2024
CVE-2023-25164Sensitive Information leak via Script File in TinaCMS8.6Feb 8, 2023

Product normalization is registry-driven with AI assist and human review. How it works