An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories for github.com/argoproj/argo-cd in go

High
2 days ago

argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload GSA_kwCzR0hTQS13cDRwLTlweGgtY2d4Ms4ABMyX

go github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
High
2 days ago

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload GSA_kwCzR0hTQS1mOWdxLXBycmMtaHJoY84ABMyW

go github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
4 months ago

Argo CD allows cross-site scripting on repositories page GSA_kwCzR0hTQS0yaGo1LWc2NGctZnA2cM4ABIbo

go github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
over 1 year ago

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache GSA_kwCzR0hTQS05NzY2LTUyNzctajVocs4AA8aY

go github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Moderate
over 1 year ago

Users with `create` but not `override` privileges can perform local sync GSA_kwCzR0hTQS1nNjIzLWpjZ2ctbWhtbc4AA6Bz

go github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
High
over 1 year ago

github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability GSA_kwCzR0hTQS05Mm13LXEyNTYtNXZ3Z84AA4lC

go github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
about 2 years ago

Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server GSA_kwCzR0hTQS02anF3LWp3ZjUtcnA4aM4AA2HB

go github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
over 2 years ago

Argo CD authenticated but unauthorized users may enumerate Application names via the API GSA_kwCzR0hTQS0ycTVjLXF3OWMtZm12cc4AAyQf

go github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
over 2 years ago

JWT audience claim is not verified GSA_kwCzR0hTQS1xOWhyLWo0cmYtOGZqY84AAxJD

go github.com/argoproj/argo-cd
Moderate
over 3 years ago

DoS through large manifest files in Argo CD GSA_kwCzR0hTQS1qaHFwLXZmNHctcnB3cc4AAs5e

go github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Moderate
over 3 years ago

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server GSA_kwCzR0hTQS1xNHc1LTRncTItOTh2bc4AAs5a

go github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
over 3 years ago

Argo CD's external URLs for Deployments can include JavaScript GSA_kwCzR0hTQS1oNHc5LTZ4NzgtOHZyas4AAs5Z

go github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
High
over 3 years ago

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params GSA_kwCzR0hTQS0ybTdoLTg2cXEtZnA0ds4AAs5Y

go github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
over 3 years ago

Argo CD will blindly trust JWT claims if anonymous access is enabled GSA_kwCzR0hTQS1yNjQyLWd2OXAtMndqas4AAqwZ

go github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Moderate
over 3 years ago

Argo Exposure of Sensitive Information GSA_kwCzR0hTQS14ajd2LWM4MnctOTJxMs4AAkND

go github.com/argoproj/argo-cd
Moderate
over 3 years ago

Login screen allows message spoofing if SSO is enabled GSA_kwCzR0hTQS14bWc4LTk5cjgtamMyas4AAgd9

go github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Moderate
almost 4 years ago

Observable Discrepancy in Argo MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqNTQtY2pyeC14Njk2

go github.com/argoproj/argo-cd