argo-cd — Vulnerabilities & Security Advisories (41)

All 41 CVE vulnerabilities found in argo-cd, with AI-generated Chinese analysis, references, and POCs.

Vendor: argoproj

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-59538 | Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook | CWE-248 | 7.5 | High | 2025-10-01 |
| CVE-2025-59537 | argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload | CWE-20 | 7.5 | High | 2025-10-01 |
| CVE-2025-59531 | Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload | CWE-703 | 7.5 | High | 2025-10-01 |
| CVE-2025-55191 | Repository Credentials Race Condition Crashes Argo CD Server | CWE-362 | 6.5 | Medium | 2025-09-30 |
| CVE-2025-55190 | Argo CD: Project API Token Exposes Repository Credentials | CWE-200 | 10.0 | Critical | 2025-09-04 |
| CVE-2025-47933 | Argo CD allows cross-site scripting on repositories page | CWE-79 | 9.1 | Critical | 2025-05-29 |
| CVE-2025-23216 | Argo CD does not scrub secret values from patch errors | CWE-209 | 6.8 | Medium | 2025-01-30 |
| CVE-2024-41666 | The Argo CD web terminal session does not handle the revocation of user permissions properly. | CWE-269 | 4.7 | Medium | 2024-07-24 |
| CVE-2024-40634 | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint | CWE-400 | 7.5 | High | 2024-07-22 |
| CVE-2024-37152 | Unauthenticated Access to sensitive settings in Argo CD | CWE-287 | 5.3 | Medium | 2024-06-06 |
| CVE-2024-36106 | Argo CD allows authenticated users to enumerate clusters by name | CWE-209 | 4.3 | Medium | 2024-06-06 |
| CVE-2024-31989 | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache | CWE-327 | 9.1 | Critical | 2024-05-21 |
| CVE-2024-32476 | Denial of Service via malicious jqPathExpressions in ignoreDifferences | CWE-400 | 6.5 | Medium | 2024-04-26 |
| CVE-2024-31990 | Argo CD's API server does not enforce project sourceNamespaces | CWE-863 | 4.8 | Medium | 2024-04-15 |
| CVE-2024-29893 | Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server | CWE-400 | 6.5 | Medium | 2024-03-29 |
| CVE-2024-21662 | Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow | CWE-307 | 7.5 | High | 2024-03-18 |
| CVE-2024-21661 | Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment | CWE-787 | 7.5 | High | 2024-03-18 |
| CVE-2024-21652 | Argo CD vulnerable to Bypassing of Brute Force Protection via Application Crash and In-Memory Data Loss | CWE-307 | 9.8 | Critical | 2024-03-18 |
| CVE-2023-50726 | Users with `create` but not `override` privileges can perform local sync in argo-cd | CWE-269 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-28175 | Cross-site scripting on application summary component in argo-cd | CWE-79 | 9.1 | Critical | 2024-03-13 |
| CVE-2024-22424 | Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd | CWE-352 | 8.4 | High | 2024-01-19 |
| CVE-2023-40026 | Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server | CWE-22 | 5.0 | Medium | 2023-09-27 |
| CVE-2023-40584 | Denial of Service to Argo CD repo-server | CWE-400 | 6.5 | Medium | 2023-09-07 |
| CVE-2023-40029 | Cluster secret might leak in cluster details page in Argo CD | CWE-200 | 9.9 | Critical | 2023-09-07 |
| CVE-2023-40025 | Argo CD web terminal session doesn't expire | CWE-613 | 4.7 | Medium | 2023-08-23 |
| CVE-2023-23947 | Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets | CWE-863 | 9.1 | Critical | 2023-02-16 |
| CVE-2023-25163 | Argo CD leaks repository credentials in user-facing error messages and in logs | CWE-532 | 6.3 | Medium | 2023-02-08 |
| CVE-2023-22736 | argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled | CWE-862 | 8.6 | High | 2023-01-26 |
| CVE-2023-22482 | JWT audience claim is not verified | CWE-863 | 9.1 | Critical | 2023-01-25 |
| CVE-2022-31102 | Cross-site Scripting for Argo CD single sign on users | CWE-79 | 2.6 | Low | 2022-07-12 |

All 41 known CVE vulnerabilities affecting argo-cd with full Chinese analysis, references, and POCs where available.