Today we're releasing Sentry 7.6.1 and 7.5.5 which include an XSS hotfix related to rendering low cardinality tags in the stream filters.
This vulnerability affects many historical versions, and its out of scope to attempt to list them all.
The specific commit which addresses the issue is here:
Low priority right now because Sentry is only used in test installations but blocks future deployments. Currently we use 6.4.4 on sentry-beta and 7.4.3 in the puppet roles.