CVE-2024-41656

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...

EUVD-2025-0092

Malicious code in bioql PyPI...

EUVD-2024-2875

Malicious code in bioql PyPI...

EUVD-2024-3063

Malicious code in bioql PyPI...

CVE-2024-53253

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

Sentry improper error handling leaks Application Integration Client Secret

Impact During routine testing, we identified a scenario where a specific error message generated by our platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID and Client Secret would not be displayed in the UI, but would be returned in the...

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...

CVE-2023-23917

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

CVE-2023-23917

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

Code injection

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

CVE-2023-23917

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

GHSA-V7X3-7HW7-PCJG Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments

Impact Temporary repository tokens were leaked into Pull Requests comments in during certain Go Modules update failure scenarios. Patches The problem has been patched. Self-hosted users should upgrade to v19.38.7 or later. Workarounds Disable Go Modules support. References Blog post:...