5 matches found
CVE-2025-69262
CVE-2025-69262 affects the pnpm package manager. Versions 6.25.0 through 10.26.2 are vulnerable to command injection via environment variable substitution in .npmrc when tokenHelper is used, enabling potential remote code execution in build environments. Root cause: the tokenHelper flow allows shel...
CVE-2025-65944 Sentry-Javascript deals with leaked sensitive headers when `sendDefaultPii` is set to `true`
Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has `sendDefaultPii: true`, it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...
Insertion of Sensitive Information Into Sent Data
Overview: @sentry/core is a base implementation for all Sentry JavaScript SDKs. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the `sendDefaultPii` configuration option. An attacker can gain access to sensitive HTTP headers, such as...
Insertion of Sensitive Information Into Sent Data
Overview: @sentry/nuxt is an official Sentry SDK for Nuxt (EXPERIMENTAL). Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the `sendDefaultPii` configuration option. An attacker can gain access to sensitive HTTP headers, such as authentication...
Insertion of Sensitive Information Into Sent Data
Overview: @sentry/astro is an official Sentry SDK for Astro. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the `sendDefaultPii` configuration option. An attacker can gain access to sensitive HTTP headers, such as authentication cookies, by...