pkg:Bitnami/argo-cd
31 total CVEs: CRITICAL 6, HIGH 8, MEDIUM 17
All known vulnerabilities
- >= 2.13.0, < 2.13.9, >= 2.14.0, < 2.14.16, >= 3.0.0, < 3.0.14, >= 3.1.0, < 3.1.2
- CRITICAL 9.9 | CVE-2023-40029 | Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd | >= 2.2.0, < 2.6.15, >= 2.7.0, < 2.7.14, >= 2.8.0, < 2.8.3
- >= 3.2.0, < 3.2.11, >= 3.3.0, < 3.3.9
- >= 1.2.0, < 2.13.8, >= 2.14.0, < 2.14.13, >= 3.0.0, < 3.0.4
- CRITICAL 9.0 | CVE-2024-31989 | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache | from 0, < 2.11.1
- CRITICAL 9.0 | CVE-2024-28175 | Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2 | >= 1.0.0, < 2.10.3
- from 0, < 1.5.0
- HIGH 7.5 | CVE-2025-59538 | Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook | >= 2.9.0, < 2.14.20, >= 3.0.0, < 3.0.19, >= 3.1.0, < 3.1.8
- HIGH 7.5 | CVE-2025-59537 | argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd | >= 1.2.0, < 2.14.20, >= 3.0.0, < 3.0.19, >= 3.1.0, < 3.1.8
- HIGH 7.5 | CVE-2025-59531 | Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd | >= 1.2.0, < 2.14.20, >= 3.0.0, < 3.0.19, >= 3.1.0, < 3.1.8
- HIGH 7.5 | CVE-2024-40634 | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd | >= 1.0.0, < 2.11.6
- HIGH 7.5 | CVE-2024-21661 | Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment | from 0, < 2.10.4
- HIGH 7.5 | CVE-2020-8826 | As of v1.5.0, the Argo web interface authentication system issued immutable tokens. | from 0, < 1.5.0
- HIGH 7.5 | CVE-2020-8827 | Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd | from 0, < 1.5.0
- MEDIUM 6.8 | CVE-2025-23216 | Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd | from 0, < 2.13.4
- >= 2.1.0, < 2.14.20, >= 3.0.0, < 3.0.19, >= 3.1.0, < 3.1.8
- MEDIUM 6.5 | CVE-2024-32476 | Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences | from 0, < 2.10.8
- MEDIUM 6.5 | CVE-2024-29893 | Out of memory crash from malicious Helm registry in github.com/argoproj/argo-cd/v2 | >= 2.4.0, < 2.10.5
- MEDIUM 6.5 | CVE-2021-26921 | In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. | from 0, < 1.7.12, >= 1.8.0, < 1.8.4
- MEDIUM 6.5 | CVE-2023-40584 | Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd | >= 2.4.0, < 2.6.15, >= 2.7.0, < 2.7.14, >= 2.8.0, < 2.8.3
- MEDIUM 6.4 | CVE-2023-50726 | Users with `create` but not `override` privileges can perform local sync in argo-cd | >= 1.2.0, < 2.8.12, >= 2.9.0, < 2.9.8, >= 2.10.0, < 2.10.3
- MEDIUM 6.3 | CVE-2023-25163 | Argo CD leaks repository credentials in user-facing error messages and in logs | >= 2.6.0, <= 2.6.0, >= 2.6.0-rc1, <= 2.6.0-rc1, >= 2.6.0-rc2, <= 2.6.0-rc2, >= 2.6.0-rc3, <= 2.6.0-rc3, >= 2.6.0-rc4, <= 2.6.0-rc4, >= 2.6.0-rc5, <= 2.6.0-rc5, >= 2.6.0-rc6, <= 2.6.0-rc6, >= 2.6.0-rc7, <= 2.6.0-rc7
- MEDIUM 5.5 | CVE-2021-23135 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data in… | >= 1.7.0, < 1.7.14, >= 1.8.0, < 1.8.7
- from 0, < 2.10.4
- from 0, < 2.10.4
- MEDIUM 5.3 | CVE-2024-37152 | Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd | >= 2.9.3, < 2.11.3
- >= 1.5.0, <= 1.5.0
- >= 2.4.0, < 2.10.7
- MEDIUM 4.7 | CVE-2024-41666 | The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd | >= 2.6.0, < 2.11.7
- from 0, < 1.7.13, >= 1.8.0, < 1.8.6
- MEDIUM 4.3 | CVE-2024-36106 | Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd | >= 2.10.0, < 2.11.3