VYPR

Vendor: Getsentry

Products: 5
CVEs: 32
Across products: 33
Status: Private

Recent CVEs

  • CVE-2026-42354 | Critical | May 8, 2026
    risk 0.52 | cvss 9.1 | epss 0.01

    Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious…

  • CVE-2025-22146 | Critical | Jan 15, 2025
    risk 0.52 | cvss 9.1 | epss 0.01

    Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user…

  • CVE-2021-47935 | High | May 10, 2026
    risk 0.50 | cvss 8.8 | epss 0.01

    Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin…

  • CVE-2023-39338 | Medium | Jul 12, 2025
    risk 0.45 | cvss 6.8 | epss 0.01

    Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access.

  • CVE-2025-53073 | Medium | Jun 24, 2025
    risk 0.27 | cvss 4.2 | epss 0.00

    In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and…

  • CVE-2024-40647 | Medium | Jul 18, 2024
    risk 0.27 | cvss 5.3 | epss 0.00

    sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the `env={}` setting. In Python's `subprocess` calls, all environment variables are passed to subprocesses by default.…

  • CVE-2025-65944 | Medium | Nov 25, 2025
    risk 0.26 | cvss n/a | epss 0.00

    Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to…

  • CVE-2020-15505 | KEV | Jul 7, 2020
    risk 0.23 | cvss n/a | epss 1.00

    A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1…

  • CVE-2023-41724 | Mar 31, 2024
    risk 0.01 | cvss n/a | epss 0.13

    A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

  • CVE-2026-52794 | Jun 24, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to…

  • CVE-2026-26004 | Mar 17, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue.

  • CVE-2026-27197 | Feb 21, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and…

  • CVE-2025-53099 | Jul 1, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain…

  • CVE-2024-8540 | Dec 10, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.

  • CVE-2024-53253 | Nov 22, 2024
    risk 0.00 | cvss n/a | epss 0.01

    Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application…

  • CVE-2024-10276 | Oct 23, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The…

  • CVE-2024-45605 | Sep 17, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete…

  • CVE-2024-45606 | Sep 17, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have permissions on the project.…

  • CVE-2024-41656 | Jul 23, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on…

  • CVE-2024-32474 | Apr 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to…