pkg:PyPI/sentry

All known vulnerabilities

• CRITICAL9.1CVE-2026-42354Sentry's improper authentication on SAML SSO process allows user identity linking
  >= 21.12.0, < 26.4.1
• CRITICAL9.1CVE-2026-27197Sentry: Improper authentication on SAML SSO process allows user identity linking
  >= 21.12.0
• CRITICAL9.1Sentry's improper authentication on SAML SSO process allows user impersonation
  >= 21.12.0, < 25.1.0
• HIGH8.8Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter
  from 0, <= 8.2.0
• HIGH8.8Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter
  from 0, < 8.1.4
• HIGH8.1Privilege escalation via ApiTokensEndpoint
  >= 22.1.0, < 23.7.2
• HIGH7.7Improper authorization on debug and artifact file downloads
  >= 8.21.0, < 23.5.2
• HIGH7.7Improper authorization on debug and artifact file downloads
  from 0, < e932b15435bf36239431eaa3790a6bcfa47046a9 | >= 8.21.0, < 23.5.2
• HIGH7.3Sentry vulnerable to leaking superuser cleartext password in logs
  >= 24.3.0, < 24.4.1
• HIGH7.1Sentry improperly authorizes muting of alert rules
  >= 23.4.0, < 24.9.0
• HIGH7.1Sentry vulnerable to stored Cross-Site Scripting (XSS)
  >= 10.0.0, < 24.7.1
• MEDIUM6.8Sentry CORS misconfiguration
  >= 23.6.0, < 23.6.2
• MEDIUM6.8Sentry CORS misconfiguration
  from 0, < ee44c6be35e5e464bc40637580f39867898acd8b | >= 23.6.0, < 23.6.2
• MEDIUM6.5Sentry improperly authorizes deletion of user issue alert notifications
  >= 23.9.0, < 24.9.0
• MEDIUM6.5Sentry vulnerable to incorrect credential validation on OAuth token requests
  >= 10.0.0, < 23.7.2
• MEDIUM6.4Sentry vulnerable to invite code reuse via cookie manipulation
  >= 20.6.0, < 22.11.0
• MEDIUM6.4Sentry vulnerable to invite code reuse via cookie manipulation
  >= 20.6.0, < 22.11.0
• MEDIUM5.3Sentry improper error handling leaks Application Integration Client Secret
  >= 24.11.0, < 24.11.1
• MEDIUM5.3Sentry improper error handling leaks Application Integration Client Secret
  from 0, <= 24.11.0
• LOW2.0Slack integration leaks sensitive information in logs
  >= 24.3.0, < 24.5.0