VYPR

Tinacms/graphql

by Ssw

CVEs (3)

  • CVE-2026-33949, High, Apr 1, 2026
    risk 0.53, cvss 8.1, epss 0.00

    Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in…

  • CVE-2025-68278, High, Dec 18, 2025
    risk 0.50, cvss 8.8, epss 0.00

    Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version…

  • CVE-2026-34604, High, Apr 1, 2026
    risk 0.39, cvss 7.1, epss 0.00

    Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under…