@tinacms/cli

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting @tinacms/clipage 1 of 1

CVE-2023-25164HIGHCVSS 8.6EG 8.6✓ Fixed in 1.0.9
2023-02-08
Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be…
CVE-2024-45391HIGHCVSS 7.5EG 7.5✓ Fixed in 1.6.2
2024-09-03
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.…
CVE-2025-68278HIGHCVSS 8.8EG 8.8✓ Fixed in 2.0.4
2025-12-18
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to …

Check whether @tinacms/cli is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for @tinacms/cli CVEs against the assets you own.

Start Free Scan →