pkg:Go/github.com/argoproj/argo-cd

All known vulnerabilities

• CRITICAL10.0CVE-2022-29165Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
  from 0
• CRITICAL10.0CVE-2022-29165Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
  from 0, < 2.1.15
• CRITICAL9.9CVE-2025-55190Argo CD: Project API Token Exposes Repository Credentials
  from 0
• CRITICAL9.9CVE-2023-40029Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
  from 0
• CRITICAL9.9CVE-2022-24768Improper access control allows admin privilege escalation in Argo CD
  >= 0.5.0, < 2.1.14
• CRITICAL9.9CVE-2022-24768Improper access control allows admin privilege escalation in Argo CD
  >= 0.5.0
• CRITICAL9.1CVE-2023-23947Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
  from 0
• CRITICAL9.1CVE-2023-23947Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
  >= 2.3.0, < 2.3.17
• CRITICAL9.0CVE-2025-47933Argo CD allows cross-site scripting on repositories page
  >= 1.2.0-rc1
• CRITICAL9.0CVE-2025-47933Argo CD allows cross-site scripting on repositories page
  >= 1.2.0-rc1, <= 1.8.7
• CRITICAL9.0CVE-2024-31989ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
  from 0
• CRITICAL9.0CVE-2024-31989ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
  from 0, <= 1.8.7
• CRITICAL9.0CVE-2024-28175Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
  >= 1.0.0
• CRITICAL9.0CVE-2024-28175Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
  >= 1.0.0, <= 1.8.7
• CRITICAL9.0CVE-2023-22482JWT audience claim is not verified in github.com/argoproj/argo-cd
  >= 1.8.2
• CRITICAL9.0CVE-2023-22482JWT audience claim is not verified in github.com/argoproj/argo-cd
  >= 1.8.2, < 2.3.14
• CRITICAL9.0CVE-2022-31035Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
  >= 1.0.0
• CRITICAL9.0CVE-2022-31035Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
  >= 1.0.0, < 2.1.16
• HIGH8.8CVE-2022-1025Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
  >= 0.5.0
• HIGH8.8CVE-2022-1025Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
  >= 0.5.0, <= 1.8.7
• HIGH8.8CVE-2020-8828Argo CD Insecure default administrative password
  from 0, <= 1.8.0
• HIGH8.5CVE-2023-22736Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
  from 0
• HIGH8.3CVE-2024-22424github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability
  >= 0.1.0, <= 1.8.7
• HIGH8.3CVE-2022-31105Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
  >= 0.4.0
• HIGH8.3CVE-2022-31105Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
  >= 0.4.0, < 2.2.11
• HIGH8.3CVE-2022-31034Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
  >= 0.11.0, < 2.1.16
• HIGH8.3CVE-2022-31034Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
  >= 0.11.0
• HIGH7.7CVE-2022-24730Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
  >= 1.3.0
• HIGH7.7CVE-2022-24730Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
  >= 1.3.0, < 2.1.11
• HIGH7.7CVE-2022-24348Path traversal and dereference of symlinks in Argo CD
  from 0
• HIGH7.7CVE-2022-24348Path traversal and dereference of symlinks in Argo CD
  from 0, < 2.1.9
• HIGH7.5CVE-2025-59538Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
  from 0
• HIGH7.5CVE-2025-59537argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd
  >= 1.2.0, <= 1.8.7
• HIGH7.5CVE-2025-59537argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd
  >= 1.2.0
• HIGH7.5CVE-2025-59531Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd
  >= 1.2.0, <= 1.8.7
• HIGH7.5CVE-2025-59531Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd
  >= 1.2.0
• HIGH7.5CVE-2024-40634Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
  >= 1.0.0
• HIGH7.5CVE-2024-40634Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
  >= 1.0.0, <= 1.8.7
• HIGH7.5CVE-2024-21661Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
  from 0, <= 1.8.7
• HIGH7.5CVE-2020-8827Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
  from 0, < 1.5.1
• HIGH7.5CVE-2020-8827Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
  from 0, < 1.5.1
• HIGH7.3CVE-2026-45738Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
  from 0, <= 1.8.7
• HIGH7.1CVE-2023-40025Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
  from 0
• MEDIUM6.8CVE-2025-23216Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
  from 0, <= 1.8.7
• MEDIUM6.8CVE-2025-23216Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
  from 0
• MEDIUM6.8CVE-2022-24731Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
  >= 1.5.0, < 2.1.11
• MEDIUM6.8CVE-2022-24731Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
  >= 1.5.0
• MEDIUM6.5CVE-2025-55191Repository Credentials Race Condition Crashes Argo CD Server
  from 0
• MEDIUM6.5CVE-2024-32476Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
  from 0
• MEDIUM6.5CVE-2023-40584Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
  from 0
• MEDIUM6.5CVE-2022-31016DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
  >= 0.7.0
• MEDIUM6.5CVE-2022-31016DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
  >= 0.7.0, < 2.1.16
• MEDIUM6.5CVE-2018-21034Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
  from 0, < 1.5.0-rc1
• MEDIUM6.5CVE-2018-21034Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
  from 0, < 1.5.0-rc1
• MEDIUM6.4CVE-2023-50726Users with `create` but not `override` privileges can perform local sync in argo-cd
  >= 1.2.0-rc1, <= 1.8.7
• MEDIUM6.4CVE-2023-50726Users with `create` but not `override` privileges can perform local sync in argo-cd
  >= 1.2.0-rc1
• MEDIUM5.3CVE-2024-37152Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
  from 0
• MEDIUM5.3CVE-2022-41354Argo CD authenticated but unauthorized users may enumerate Application names via the API
  >= 0.5.0
• MEDIUM5.3CVE-2022-41354Argo CD authenticated but unauthorized users may enumerate Application names via the API
  >= 0.5.0, <= 1.8.7
• MEDIUM5.3CVE-2020-11576Observable Discrepancy in Argo in github.com/argoproj/argo-cd
  >= 1.5.0, < 1.5.1
• MEDIUM5.3CVE-2020-11576Observable Discrepancy in Argo in github.com/argoproj/argo-cd
  >= 1.5.0, < 1.5.1
• MEDIUM5.0CVE-2023-40026Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
  from 0, <= 1.8.7
• MEDIUM5.0CVE-2023-40026Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
  from 0
• MEDIUM4.8CVE-2024-31990Argo CD's API server does not enforce project sourceNamespaces
  from 0
• MEDIUM4.7CVE-2024-41666The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
  from 0
• MEDIUM4.7CVE-2021-23347Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
  from 0, < 1.7.13, >= 1.8.0, < 1.8.6
• MEDIUM4.3CVE-2024-36106Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
  >= 0.11.0, < 2.9.17
• MEDIUM4.3CVE-2024-36106Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
  >= 0.11.0
• MEDIUM4.3CVE-2022-31036Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
  >= 1.3.0, < 2.1.16
• MEDIUM4.3CVE-2022-31036Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
  >= 1.3.0
• MEDIUM4.3CVE-2022-24905Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
  from 0
• MEDIUM4.3CVE-2022-24905Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
  from 0, < 2.1.15
• MEDIUM4.3CVE-2022-24904Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
  from 0
• LOW2.6CVE-2022-31102Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
  >= 2.3.0, < 2.3.6
• LOW2.6CVE-2022-31102Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
  from 0