Tinacms
This hub aggregates every CVE we track for Tinacms, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
0
Critical
6
High
0
In CISA KEV
Severity distribution
HIGH6
Monthly trend
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
3
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Tinacms.
- CVE-2026-34603@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions7.1
- CVE-2026-34604@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions7.1
- CVE-2026-33949@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files8.1
- CVE-2026-28791Path Traversal in Media Upload Handle in Tina7.4
- CVE-2024-45391Tina search token leak via lock file in TinaCMS7.5
- CVE-2023-25164Sensitive Information leak via Script File in TinaCMS8.6
Product normalization is registry-driven with AI assist and human review. How it works