Getsentry Sentry-Javascript vulnerabilities

CVE-2025-65944 [MEDIUM] CWE-201 CVE-2025-65944: Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers would be stored within a Sentry organization as part o

CVE-2023-50249 [HIGH] CWE-400 CVE-2023-50249: Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Serv Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has be

CVE-2023-46729 [MEDIUM] CWE-918 CVE-2023-46729: sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel en sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.