All 7 CVE vulnerabilities found in tinacms, with AI-generated Chinese analysis, references, and POCs.
Vendor: tinacms
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-34603 | @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions CWE-22 | 7.1 | High | 2026-04-01 |
| CVE-2026-34604 | @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions CWE-22 | 7.1 | High | 2026-04-01 |
| CVE-2026-33949 | @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files CWE-22 | 8.1 | High | 2026-04-01 |
| CVE-2026-28791 | Path Traversal in Media Upload Handle in Tina CWE-22 | 7.4 | High | 2026-03-12 |
| CVE-2025-68278 | tinacms vulnerable to arbitrary code execution CWE-94 | 9.8AI | CriticalAI | 2025-12-18 |
| CVE-2024-45391 | Tina search token leak via lock file in TinaCMS CWE-200 | 7.5 | High | 2024-09-03 |
| CVE-2023-25164 | Sensitive Information leak via Script File in TinaCMS CWE-532 | 8.6 | High | 2023-02-08 |
All 7 known CVE vulnerabilities affecting tinacms with full Chinese analysis, references, and POCs where available.