tinacms
npm3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tinacmspage 1 of 1
- CVE-2025-68278HIGHCVSS 8.8EG 8.8✓ Fixed in 3.1.12025-12-18
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to …
- CVE-2026-55660HIGHCVSS 7.6EG 7.6✓ Fixed in 3.9.32026-06-19
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library register…
- CVE-2026-55661MEDIUMCVSS 4.8EG 4.8✓ Fixed in 3.9.32026-06-18
Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing …
Check whether tinacms is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for tinacms CVEs against the assets you own.
Start Free Scan →