pkg:npm/@tinacms/graphql

All known vulnerabilities

• HIGH8.1CVE-2026-33949@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files
  from 0, < 2.2.2
• HIGH7.1CVE-2026-34604@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions
  from 0, < 2.2.2
• HIGH7.1CVE-2026-34603@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions
  from 0, < 2.2.2
• MEDIUM6.3@tinacms/graphql has a Path Traversal issue
  from 0, < 2.1.2
• —tinacms is vulnerable to arbitrary code execution
  from 0, < 2.0.3