argoproj — Vulnerabilities & Security Advisories 55

Browse all 55 CVE security advisories affecting argoproj. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-40886 | Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller — argo-workflows CWE-129 | 7.7 | High | 2026-04-23 |
| CVE-2026-31892 | WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode — argo-workflows CWE-863 | 8.8 | - | 2026-03-11 |
| CVE-2026-28229 | Argo Workflows has unauthorized access to Argo Workflows Template — argo-workflows CWE-863 | 9.8 | Critical | 2026-03-11 |
| CVE-2026-23960 | Argo Workflows affected by stored XSS in the artifact directory listing — argo-workflows CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2025-66626 | argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links — argo-workflows CWE-23 | 8.1 | High | 2025-12-09 |
| CVE-2025-62157 | Argo Workflows exposes artifact repository credentials in workflow-controller logs — argo-workflows CWE-522 | 8.1 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-62156 | argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite — argo-workflows CWE-22 | 8.1 | High | 2025-10-14 |
| CVE-2025-59538 | Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook — argo-cd CWE-248 | 7.5 | High | 2025-10-01 |
| CVE-2025-59537 | argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload — argo-cd CWE-20 | 7.5 | High | 2025-10-01 |
| CVE-2025-59531 | Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload — argo-cd CWE-703 | 7.5 | High | 2025-10-01 |
| CVE-2025-55191 | Repository Credentials Race Condition Crashes Argo CD Server — argo-cd CWE-362 | 6.5 | Medium | 2025-09-30 |
| CVE-2025-55190 | Argo CD: Project API Token Exposes Repository Credentials — argo-cd CWE-200 | 10.0 | Critical | 2025-09-04 |
| CVE-2025-47933 | Argo CD allows cross-site scripting on repositories page — argo-cd CWE-79 | 9.1 | Critical | 2025-05-29 |
| CVE-2025-32445 | Users can gain privileged access to the host system and cluster with EventSource and Sensor CR — argo-events CWE-250 | 10.0 | Critical | 2025-04-15 |
| CVE-2025-23216 | Argo CD does not scrub secret values from patch errors — argo-cd CWE-209 | 6.8 | Medium | 2025-01-30 |
| CVE-2024-53862 | Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode — argo-workflows CWE-200 | 9.1 | - | 2024-12-02 |
| CVE-2024-52814 | Helm Lacks Granularity in Workflow Role — argo-helm CWE-1220 | 2.8 | Low | 2024-11-22 |
| CVE-2024-52799 | Argo Workflows Chart: Excessive Privileges in Workflow Role — argo-helm CWE-250 | 8.3 | High | 2024-11-21 |
| CVE-2024-47827 | Argo Workflows Controller: Denial of Service via malicious daemon Workflows — argo-workflows CWE-362 | 5.7 | Medium | 2024-10-28 |
| CVE-2024-41666 | The Argo CD web terminal session does not handle the revocation of user permissions properly. — argo-cd CWE-269 | 4.7 | Medium | 2024-07-24 |
| CVE-2024-40634 | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint — argo-cd CWE-400 | 7.5 | High | 2024-07-22 |
| CVE-2024-37152 | Unauthenticated Access to sensitive settings in Argo CD — argo-cd CWE-287 | 5.3 | Medium | 2024-06-06 |
| CVE-2024-36106 | Argo CD allows authenticated users to enumerate clusters by name — argo-cd CWE-209 | 4.3 | Medium | 2024-06-06 |
| CVE-2024-31989 | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache — argo-cd CWE-327 | 9.1 | Critical | 2024-05-21 |
| CVE-2024-32476 | Denial of Service via malicious jqPathExpressions in ignoreDifferences — argo-cd CWE-400 | 6.5 | Medium | 2024-04-26 |
| CVE-2024-31990 | Argo CD's API server does not enforce project sourceNamespaces — argo-cd CWE-863 | 4.8 | Medium | 2024-04-15 |
| CVE-2024-29893 | Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server — argo-cd CWE-400 | 6.5 | Medium | 2024-03-29 |
| CVE-2024-21662 | Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow — argo-cd CWE-307 | 7.5 | High | 2024-03-18 |
| CVE-2024-21661 | Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment — argo-cd CWE-787 | 7.5 | High | 2024-03-18 |
| CVE-2024-21652 | Argo CD vulnerable to Bypassing of Brute Force Protection via Application Crash and In-Memory Data Loss — argo-cd CWE-307 | 9.8 | Critical | 2024-03-18 |

This page lists every published CVE security advisory associated with argoproj. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.