bugsink
PyPI9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting bugsinkpage 1 of 1
- CVE-2025-54433HIGHCVSS 7.2EG 7.2✓ Fixed in 1.4.32025-07-30
vulnerable: 0.0.1 ... 1.4.2 (20 versions)
Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without valid…
- CVE-2025-64508HIGHCVSS 7.5EG 7.5✓ Fixed in 2.0.52025-11-10
vulnerable: 0.0.1 ... 2.0.4 (45 versions)
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before app…
- CVE-2025-64509HIGHCVSS 7.5EG 7.5✓ Fixed in 2.0.62025-11-10
vulnerable: 0.0.1 ... 2.0.5 (46 versions)
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the …
- CVE-2026-40162HIGHCVSS 7.1EG 7.1✓ Fixed in 2.1.12026-04-10
vulnerable: 2.1.0
Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to…
- CVE-2026-44502MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.1.32026-05-26
vulnerable: 0.0.1 ... 2.1.2 (58 versions)
Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be (partially) bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.p…
- CVE-2026-47715LOWCVSS 3.1EG 3.1✓ Fixed in 2.2.02026-05-26
vulnerable: 0.0.1 ... 2.1.3 (59 versions)
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL…
- CVE-2026-47716LOWCVSS 3.1EG 3.1✓ Fixed in 2.2.02026-05-26
vulnerable: 0.0.1 ... 2.1.3 (59 versions)
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiri…
- CVE-2026-47728MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.2.02026-05-26
vulnerable: 0.0.1 ... 2.1.3 (59 versions)
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one pro…
- CVE-2026-53954MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.2.22026-06-05
vulnerable: 0.0.1 ... 2.2.1 (61 versions)
Bugsink: DOS using large numbers of event tags ### Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom (i.e. supplied by an attacker) tags can therefor…
Check whether bugsink is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for bugsink CVEs against the assets you own.
Start Free Scan →