VYPR

Tinacms/cli

by Ssw

CVEs (3)

  • CVE-2025-68278 | High | Dec 18, 2025
    risk 0.50 | cvss 8.8 | epss 0.00

    Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version…

  • CVE-2026-34603 | High | Apr 1, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link…

  • CVE-2026-55660 | High | Jun 19, 2026
    risk 0.38 | cvss | epss

    TinaCMS registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL reducer — that act on event.data without verifying event.origin or event.source, and post messages using non-specific…