| CVE-2026-42354 | critical | 9.8 | 9.8 | | | | 26d ago | Sentry's improper authentication on SAML SSO process allows user identity linking |
| CVE-2021-47935 | high | 8.8 | 8.8 | | | | 25d ago | Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log e… |
| CVE-2026-27197 | unknown | — | — | | | | 2mo ago | Sentry: Improper authentication on SAML SSO process allows user identity linking |
| CVE-2025-22146 | unknown | — | — | | | | 1y ago | Sentry's improper authentication on SAML SSO process allows user impersonation |
| CVE-2024-53253 | unknown | — | — | | | | 2y ago | Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform… |
| CVE-2024-45606 | unknown | — | — | | | | 2y ago | Sentry improperly authorizes muting of alert rules |
| CVE-2024-45605 | unknown | — | — | | | | 2y ago | Sentry improperly authorizes deletion of user issue alert notifications |
| CVE-2024-41656 | unknown | — | — | | | | 2y ago | Sentry vulnerable to stored Cross-Site Scripting (XSS) |
| CVE-2024-35196 | unknown | — | — | | | | 2y ago | Slack integration leaks sensitive information in logs |
| CVE-2024-32474 | unknown | — | — | | | | 2y ago | Sentry vulnerable to leaking superuser cleartext password in logs |
| CVE-2023-39531 | unknown | — | — | | | | 3y ago | Sentry vulnerable to incorrect credential validation on OAuth token requests |
| CVE-2023-39349 | unknown | — | — | | | | 3y ago | Privilege escalation via ApiTokensEndpoint |
| CVE-2023-36826 | unknown | — | — | | | | 3y ago | Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary o… |
| CVE-2023-36829 | unknown | — | — | | | | 3y ago | Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true… |
| CVE-2022-23485 | unknown | — | — | | | | 4y ago | Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allo… |