Browse all 4 CVE security advisories affecting @tinacms. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tinacms is a headless CMS enabling content editing within React applications, primarily targeting developers for seamless content management. Historically, vulnerabilities have included Remote Code Execution (RCE) due to unsafe deserialization, Cross-Site Scripting (XSS) from improper input sanitization, and privilege escalation through misconfigured access controls. The platform has faced multiple security incidents, with four CVEs recorded, highlighting recurring issues in input validation and authentication mechanisms. While Tinacms provides developer-friendly features, its security track record indicates a need for robust input handling and secure default configurations to mitigate common web application risks.
| CVE ID | Title | Package | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-29066 | Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI | cli | CWE-552 | 6.2 | Medium | 2026-03-12 |
| CVE-2026-28793 | Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS | cli | CWE-22 | 8.4 | High | 2026-03-12 |
| CVE-2026-28792 | Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS | cli | CWE-22 | 9.7 | Critical | 2026-03-12 |
| CVE-2026-24125 | Path Traversal in @tinacms/graphql | graphql | CWE-22 | 6.3 | Medium | 2026-03-12 |
This page lists every published CVE security advisory associated with @tinacms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.