pkg:Go/github.com/argoproj/argo-cd/v3
15 total CVEsCRITICAL5HIGH7MEDIUM3
✅ Check your installed version
All known vulnerabilities
- from 0, < 3.0.14, >= 3.1.0-rc1, < 3.1.2
- from 0, < 3.0.14
- >= 3.2.0, < 3.2.11
- from 0, < 3.0.4
- from 0, < 3.0.4
- HIGH7.5CVE-2025-59538Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook>= 3.2.0-rc1, < 3.2.0-rc2
- HIGH7.5CVE-2025-59538Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook>= 3.0.0-rc1, < 3.0.19, >= 3.1.0-rc1, < 3.1.8, >= 3.2.0-rc1, < 3.2.0-rc2
- HIGH7.5CVE-2025-59537argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd>= 3.0.0-rc1, < 3.0.19, >= 3.1.0-rc1, < 3.1.8, >= 3.2.0-rc1, < 3.2.0-rc2
- HIGH7.5CVE-2025-59537argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd>= 3.2.0-rc1, < 3.2.0-rc2
- HIGH7.5CVE-2025-59531Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd>= 3.0.0-rc1, < 3.0.19, >= 3.1.0-rc1, < 3.1.8, >= 3.2.0-rc1, < 3.2.0-rc2
- HIGH7.5CVE-2025-59531Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd>= 3.2.0-rc1, < 3.2.0-rc2
- HIGH7.3CVE-2026-45738Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalationfrom 0, < 3.2.12
- >= 3.2.0-rc1, < 3.2.0-rc2
- >= 3.0.0-rc1, < 3.0.19, >= 3.1.0-rc1, < 3.1.8, >= 3.2.0-rc1, < 3.2.0-rc2
- MEDIUM6.3CVE-2026-45737Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations>= 3.2.0, < 3.2.12