sentry
PyPI
14 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sentry
- CVE-2021-47935 · HIGH · CVSS 8.8 · EG 8.8 · 2026-05-10
vulnerable: 2.0.0 ... 8.2.0 (280 versions)
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submi…
- CVE-2022-23485 · MEDIUM · CVSS 6.4 · EG 6.4 · ✓ Fixed in 22.11.0 · 2022-12-10
vulnerable: 20.10.1 ... 22.9.0 (38 versions)
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on m…
- CVE-2023-36826 · HIGH · CVSS 7.7 · EG 7.7 · ✓ Fixed in 23.5.2 · 2023-07-25
vulnerable: 10.0.0 ... 9.1.2 (57 versions)
Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known b…
- CVE-2023-36829 · MEDIUM · CVSS 6.8 · EG 6.8 · ✓ Fixed in 23.6.2 · 2023-07-06
vulnerable: 23.6.0, 23.6.1
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request he…
- CVE-2023-39349 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 23.7.2 · 2023-08-07
vulnerable: 22.1.0 ... 23.7.1 (26 versions)
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens creat…
- CVE-2023-39531 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 23.7.2 · 2023-08-09
vulnerable: 10.0.0 ... 23.7.1 (56 versions)
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth…
- CVE-2024-32474 · HIGH · CVSS 7.3 · EG 7.3 · ✓ Fixed in 24.4.1 · 2024-04-18
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validat…
- CVE-2024-35196 · LOW · CVSS 2.0 · EG 2.0 · ✓ Fixed in 24.5.0 · 2024-05-31
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated…
- CVE-2024-41656 · HIGH · CVSS 7.1 · EG 7.1 · ✓ Fixed in 24.7.1 · 2024-07-23
vulnerable: 10.0.0 ... 23.7.1 (56 versions)
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry si…
- CVE-2024-45605 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 24.9.0 · 2024-09-17
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks ar…
- CVE-2024-45606 · HIGH · CVSS 7.1 · EG 7.1 · ✓ Fixed in 24.9.0 · 2024-09-17
vulnerable: 23.4.0 ... 23.7.1 (9 versions)
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organiza…
- CVE-2024-53253 · MEDIUM · CVSS 5.3 · EG 5.3 · 2024-11-22
vulnerable: 10.0.0 ... 9.1.2 (373 versions)
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and…
- CVE-2025-22146 · CRITICAL · CVSS 9.1 · EG 9.1 · ✓ Fixed in 25.1.0 · 2025-01-15
vulnerable: 21.12.0 ... 23.7.1 (27 versions)
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allow…
- CVE-2026-42354 · CRITICAL · CVSS 9.1 · EG 9.1 · ✓ Fixed in 26.4.1 · 2026-05-08
vulnerable: 21.12.0 ... 23.7.1 (27 versions)
Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over…