Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tinacms — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting tinacms. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TinaCMS is a headless CMS enabling content editing within React applications. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with seven CVEs recorded. Security concerns often stem from improper input validation and insufficient access controls. While no major public security incidents have been widely reported, the presence of multiple CVEs indicates potential risks for implementations. Users should ensure proper configuration and timely updates to mitigate these vulnerabilities. The platform's integration with frontend frameworks creates unique attack surfaces that require careful security considerations during deployment and maintenance.

Found 7 results / 7Clear Filters
Top products by tinacms: tinacms
CVE IDTitleCVSSSeverityPublished
CVE-2026-34603 @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions — tinacmsCWE-22 7.1 High2026-04-01
CVE-2026-34604 @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions — tinacmsCWE-22 7.1 High2026-04-01
CVE-2026-33949 @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files — tinacmsCWE-22 8.1 High2026-04-01
CVE-2026-28791 Path Traversal in Media Upload Handle in Tina — tinacmsCWE-22 7.4 High2026-03-12
CVE-2025-68278 tinacms vulnerable to arbitrary code execution — tinacmsCWE-94 9.8AICriticalAI2025-12-18
CVE-2024-45391 Tina search token leak via lock file in TinaCMS — tinacmsCWE-200 7.5 High2024-09-03
CVE-2023-25164 Sensitive Information leak via Script File in TinaCMS — tinacmsCWE-532 8.6 High2023-02-08

This page lists every published CVE security advisory associated with tinacms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.