Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/sentry@22.1.0
purl pkg:pypi/sentry@22.1.0
Next non-vulnerable version 23.7.2
Latest non-vulnerable version 26.4.1
Risk 3.5
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-8ujq-fcyw-ykap
Aliases:
CVE-2024-41656
GHSA-fm88-hc3v-3www
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page. Self-hosted Sentry users may be impacted in case of untrustworthy Integration platform integrations sending external issues from their side to Sentry. A patch has been released in Sentry 24.7.1. For Sentry SaaS customers, no action is needed. This has been patched on July 23, and even prior to the fix, the exploitation was not possible due to the strict Content Security Policy deployed on sentry.io site. For self-hosted users, the maintainers of Sentry strongly recommend upgrading Sentry to the latest version. If it is not possible, one could enable CSP on one's self-hosted installation with `CSP_REPORT_ONLY = False` (enforcing mode). This will mitigate the risk of cross-site scripting.
24.7.1
Affected by 0 other vulnerabilities.
VCID-crnn-rr9n-hkf5
Aliases:
CVE-2023-36826
GHSA-m4hc-m2v6-hfw8
PYSEC-2023-130
Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 23.5.2 or higher.
23.5.2
Affected by 7 other vulnerabilities.
VCID-d19j-1zb6-auc7
Aliases:
CVE-2023-39349
GHSA-9jcq-jf57-c62c
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.
23.7.2
Affected by 0 other vulnerabilities.
VCID-jjfq-a5mj-k3dr
Aliases:
CVE-2026-42354
GHSA-rcmw-7mc7-3rj7
Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. This issue has been patched in version 26.4.1.
26.4.1
Affected by 0 other vulnerabilities.
VCID-mufe-mftg-aybh
Aliases:
CVE-2023-39531
GHSA-hgj4-h2x3-rfx4
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account. Sentry SaaS customers do not need to take any action. Self-hosted installations should upgrade to version 23.7.2 or higher. There are no direct workarounds, but users should review applications authorized on their account and remove any that are no longer needed.
23.7.2
Affected by 0 other vulnerabilities.
VCID-pmfu-x11s-tuba
Aliases:
CVE-2025-22146
GHSA-7pq6-v88g-wf3w
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.
25.1.0
Affected by 0 other vulnerabilities.
VCID-y7p4-jscz-4yc4
Aliases:
CVE-2026-27197
GHSA-ggmg-cqg6-j45g
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account. There are no reported fixed by versions.
VCID-zf3g-vyyq-fbet
Aliases:
CVE-2022-23485
GHSA-jv85-mqxj-3f9j
PYSEC-2022-43011
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`).
22.11.0
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T22:18:28.591151+00:00 GitLab Importer Affected by VCID-jjfq-a5mj-k3dr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sentry/CVE-2026-42354.yml 38.6.0
2026-06-12T22:10:17.997979+00:00 GitLab Importer Affected by VCID-y7p4-jscz-4yc4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sentry/CVE-2026-27197.yml 38.6.0
2026-06-12T19:50:14.186078+00:00 GitLab Importer Affected by VCID-pmfu-x11s-tuba https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sentry/CVE-2025-22146.yml 38.6.0
2026-06-12T19:35:46.838162+00:00 GitLab Importer Affected by VCID-8ujq-fcyw-ykap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sentry/CVE-2024-41656.yml 38.6.0
2026-06-12T19:02:42.500525+00:00 GitLab Importer Affected by VCID-mufe-mftg-aybh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sentry/CVE-2023-39531.yml 38.6.0
2026-06-12T19:01:02.356457+00:00 GitLab Importer Affected by VCID-crnn-rr9n-hkf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sentry/CVE-2023-36826.yml 38.6.0
2026-06-12T18:41:49.048228+00:00 GitLab Importer Affected by VCID-zf3g-vyyq-fbet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sentry/CVE-2022-23485.yml 38.6.0
2026-06-12T15:46:46.228168+00:00 GitLab Importer Affected by VCID-d19j-1zb6-auc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sentry/CVE-2023-39349.yml 38.6.0
2026-06-12T04:16:42.075035+00:00 Pypa Importer Affected by VCID-crnn-rr9n-hkf5 https://github.com/pypa/advisory-database/blob/main/vulns/sentry/PYSEC-2023-130.yaml 38.6.0
2026-06-12T04:15:43.466895+00:00 Pypa Importer Affected by VCID-zf3g-vyyq-fbet https://github.com/pypa/advisory-database/blob/main/vulns/sentry/PYSEC-2022-43011.yaml 38.6.0
2026-06-11T21:00:16.108973+00:00 PyPI Importer Affected by VCID-crnn-rr9n-hkf5 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-11T20:59:06.019828+00:00 PyPI Importer Affected by VCID-zf3g-vyyq-fbet https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0