github.com/argoproj/argo-cd vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-45738 | High | github.com/argoproj/argo-cd/v3: Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation |
| CVE-2025-59537 | High | github.com/argoproj/argo-cd: argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload |
| CVE-2025-59531 | High | github.com/argoproj/argo-cd: Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload |
| CVE-2025-47933 | Critical | github.com/argoproj/argo-cd: Argo CD allows cross-site scripting on repositories page |
| CVE-2025-23216 | Medium | github.com/argoproj/argo-cd/v2: Argo CD does not scrub secret values from patch errors |
| CVE-2024-40634 | High | github.com/argoproj/argo-cd: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint |
| CVE-2024-36106 | Medium | github.com/argoproj/argo-cd: Argo-cd authenticated users can enumerate clusters by name |
| CVE-2024-31989 | Critical | github.com/argoproj/argo-cd/v2: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache |
| CVE-2024-21661 | High | github.com/argoproj/argo-cd: Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment |
| CVE-2024-28175 | Critical | github.com/argoproj/argo-cd/v2: Cross-site scripting on application summary component |
| CVE-2023-50726 | Medium | github.com/argoproj/argo-cd: Users with `create` but not `override` privileges can perform local sync |
| CVE-2024-22424 | High | github.com/argoproj/argo-cd: github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability |
| CVE-2023-40026 | Medium | github.com/argoproj/argo-cd: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server |
| CVE-2022-41354 | Medium | github.com/argoproj/argo-cd: Argo CD authenticated but unauthorized users may enumerate Application names via the API |
| CVE-2023-23947 | Critical | github.com/argoproj/argo-cd: Users with any cluster secret update access may update out-of-bounds cluster secrets |
| CVE-2023-22482 | Critical | github.com/argoproj/argo-cd: JWT audience claim is not verified |
| CVE-2022-1025 | High | github.com/argoproj/argo-cd: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level |
| CVE-2022-31102 | Low | github.com/argoproj/argo-cd: Argo CD SSO users vulnerable to Cross-site Scripting |
| CVE-2022-31105 | High | github.com/argoproj/argo-cd: Argo CD certificate verification is skipped for connections to OIDC providers |
| CVE-2022-31016 | Medium | github.com/argoproj/argo-cd: DoS through large manifest files in Argo CD |
| CVE-2022-31036 | Medium | github.com/argoproj/argo-cd: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server |
| CVE-2022-31035 | Critical | github.com/argoproj/argo-cd: Argo CD's external URLs for Deployments can include JavaScript |
| CVE-2022-31034 | High | github.com/argoproj/argo-cd: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params |
| CVE-2022-29165 | Critical | github.com/argoproj/argo-cd/v2: Argo CD will blindly trust JWT claims if anonymous access is enabled |
| CVE-2018-21034 | Medium | github.com/argoproj/argo-cd: Argo Exposure of Sensitive Information |
