Every CVE whose affected-product data names Ssw Tinacms/cli, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2026-28792 — CVSS 9.6 (critical): Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration…
CVE-2025-68278 — CVSS 8.8 (high): Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way…
CVE-2023-25164 — CVSS 8.6 (high): Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 &&…
CVE-2026-28793 — CVSS 8.4 (high): Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are…
CVE-2024-45391 — CVSS 7.5 (high): Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2…
CVE-2026-28791 — CVSS 7.4 (high): Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's…
CVE-2026-34603 — CVSS 7.1 (high): Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev…
CVE-2026-29066 — CVSS 6.2 (medium): Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false…