Security Advisories for github.com/argoproj/argo-cd/v2 in go
High
3 days ago
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
go
github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2
High
3 days ago
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload
go
github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
High
3 days ago
Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload
go
github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
3 days ago
Repository Credentials Race Condition Crashes Argo CD Server
go
github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2
Critical
29 days ago
Argo CD's Project API Token Exposes Repository Credentials
go
github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2
Critical
4 months ago
Argo CD allows cross-site scripting on repositories page
go
github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
8 months ago
Argo CD does not scrub secret values from patch errors
go
github.com/argoproj/argo-cd/v2
Moderate
about 1 year ago
The Argo CD web terminal session does not handle the revocation of user permissions properly
go
github.com/argoproj/argo-cd/v2
Critical
over 1 year ago
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
go
github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Moderate
over 1 year ago
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
go
github.com/argoproj/argo-cd/v2
Moderate
over 1 year ago
Argo CD's API server does not enforce project sourceNamespaces
go
github.com/argoproj/argo-cd/v2
Moderate
over 1 year ago
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
go
github.com/argoproj/argo-cd/v2
Moderate
over 1 year ago
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
go
github.com/argoproj/argo-cd/v2
High
over 1 year ago
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
over 1 year ago
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
go
github.com/argoproj/argo-cd/v2
Critical
over 1 year ago
Cross-site scripting on application summary component
go
github.com/argoproj/argo-cd/v2
Moderate
over 1 year ago
Users with `create` but not `override` privileges can perform local sync
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
High
over 1 year ago
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
about 2 years ago
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
about 2 years ago
Argo CD repo-server Denial of Service vulnerability
go
github.com/argoproj/argo-cd/v2
Critical
about 2 years ago
Argo CD cluster secret might leak in cluster details page
go
github.com/argoproj/argo-cd/v2
High
about 2 years ago
Argo CD web terminal session doesn't expire
go
github.com/argoproj/argo-cd/v2
Moderate
over 2 years ago
Argo CD authenticated but unauthorized users may enumerate Application names via the API
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
over 2 years ago
Argo CD leaks repository credentials in user-facing error messages and in logs
go
github.com/argoproj/argo-cd/v2
High
over 2 years ago
Controller reconciles apps outside configured namespaces when sharding is enabled
go
github.com/argoproj/argo-cd/v2
High
about 3 years ago
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
over 3 years ago
DoS through large manifest files in Argo CD
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
over 3 years ago
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
over 3 years ago
Argo CD's external URLs for Deployments can include JavaScript
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
High
over 3 years ago
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
go
github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
over 3 years ago
Argo CD will blindly trust JWT claims if anonymous access is enabled
go
github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Moderate
over 3 years ago
Login screen allows message spoofing if SSO is enabled
go
github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Moderate
over 3 years ago
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
go
github.com/argoproj/argo-cd/v2
High
over 3 years ago
Path traversal and dereference of symlinks in Argo CD
go
github.com/argoproj/argo-cd/v2
Moderate
over 4 years ago
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
go
github.com/argoproj/argo-cd/v2