npm / tinacms

TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

Modified: 6/18/2026

tinacms is vulnerable to arbitrary code execution

Modified: 12/18/2025

Tina: Path Traversal in Media Upload Handle

Modified: 3/14/2026