pkg:npm/@tinacms/graphql

5 total CVEsHIGH3MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • HIGH8.1CVE-2026-33949@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files
    from 0, < 2.2.2
  • HIGH7.1CVE-2026-34604@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions
    from 0, < 2.2.2
  • HIGH7.1CVE-2026-34603@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions
    from 0, < 2.2.2
  • MEDIUM6.3CVE-2026-24125@tinacms/graphql has a Path Traversal issue
    from 0, < 2.1.2
  • CVE-2025-68278tinacms is vulnerable to arbitrary code execution
    from 0, < 2.0.3