7 matches found

vulnersOsv
added 2026/03/12 6:32 p.m. | 3 views

@backpackjs/cli (>=1.0.0 <=2.0.0-bundle-perf-test.2), @backpackjs/cms (>=0.0.2 <=4.21.0) +51 more potentially affected by CVE-2026-28791 via tinacms (>=0.0.0-a11f739-20260513041310 <=2.1.1)

tinacms NPM version =0.0.0-a11f739-20260513041310, =1.0.0, =0.0.2, =2.2.0-isolate-nextjs.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.10.0, =0.0.1-beta.1, =0.0.0-20220816134642, =0.0.0-20220903131031, =0.0.4, =0.1.0, =0.0.85, =0.0.89, =0.0.93 and more Source cves: CVE-2026-28791 Source advisory:...

CVSS 7.4 | AI score 5.4 | EPSS 0.0012
Exploits: 1
ATTACKERKB
added 2026/03/12 4:57 p.m. | 1 views

CVE-2026-29066

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

CVSS 6.2 | AI score 5.9 | EPSS 0.06479
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/01/09 9:2 a.m. | 5 views

CVE-2023-25164

Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli = 1.0.0 && 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you're on a...

CVSS 8.6 | AI score 6.1 | EPSS 0.00372
Exploits: 0 | References: 1
Github Security Blog
added 2025/12/18 6:45 p.m. | 55 views

tinacms is vulnerable to arbitrary code execution

Summary: tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details: The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

CVSS 8.8 | AI score 8.3 | EPSS 0.00069
Exploits: 1 | References: 4 | Affected Software: 3
OSV
added 2025/12/18 6:45 p.m. | 0 views

GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution

Summary: tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details: The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

CVSS 8.6 | AI score 6.6 | EPSS 0.00069
Exploits: 1 | References: 4
Cvelist
added 2025/12/18 3:27 p.m. | 23 views

CVE-2025-68278 tinacms vulnerable to arbitrary code execution

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

CVSS 8.6 | EPSS 0.00069
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0758

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 8.2 | EPSS 0.00372
Exploits: 0 | References: 4