Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...

CVE-2025-65944

Sentry-Javascript (official Sentry SDK for JavaScript) versions 10.11.0 to before 10.27.0 are affected. When a Node.js application uses the SDK with sendDefaultPii: true, certain sensitive HTTP headers (including Cookie) can be inadvertently sent to Sentry and stored in the associated trace, pote...

PT-2025-47977

Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...

Insertion of Sensitive Information Into Sent Data

Overview @sentry/nuxt is an Official Sentry SDK for Nuxt EXPERIMENTAL Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the sendDefaultPii configuration option. An attacker can gain access to sensitive HTTP headers, such as authentication...