CRITICAL 9.3 CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
from 0, < 2.0.13
HIGH 7.5 CVE-2025-64509 Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
from 0, < 2.0.6
HIGH 7.5 Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input
from 0, < 2.0.5
HIGH 7.1 Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble
>= 2.1.0, < 2.1.1
MEDIUM 4.3 Bugsink: DOS using large numbers of event tags
from 0, < 2.2.2
MEDIUM 4.3 Bugsink: Project scoping missing in sourcemap and debug-file lookup
from 0, < 2.2.0
MEDIUM 4.3 Bugsink has an SSRF bypass in `validate_webhook_url`
from 0, < 2.1.3
LOW 3.1 Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known
from 0, < 2.2.0
LOW 3.1 Bugsink: Issue event views can show an event from another project if its UUID is known
from 0, < 2.2.0
— Bugsink path traversal via event_id in ingestion
>= 1.7.0, < 1.7.4