github.com/argoproj/argo-cd/v2 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-45738Highgithub.com/argoproj/argo-cd/v3: Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalationCVE-2025-59538Highgithub.com/argoproj/argo-cd/v2: Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhookCVE-2025-59537Highgithub.com/argoproj/argo-cd: argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payloadCVE-2025-59531Highgithub.com/argoproj/argo-cd: Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payloadCVE-2025-55191Mediumgithub.com/argoproj/argo-cd/v2: Repository Credentials Race Condition Crashes Argo CD ServerCVE-2025-55190Criticalgithub.com/argoproj/argo-cd/v2: Argo CD's Project API Token Exposes Repository CredentialsCVE-2025-47933Criticalgithub.com/argoproj/argo-cd: Argo CD allows cross-site scripting on repositories pageCVE-2025-23216Mediumgithub.com/argoproj/argo-cd/v2: Argo CD does not scrub secret values from patch errorsCVE-2024-41666Mediumgithub.com/argoproj/argo-cd/v2: The Argo CD web terminal session does not handle the revocation of user permissions properlyCVE-2024-40634Highgithub.com/argoproj/argo-cd: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook EndpointCVE-2024-31989Criticalgithub.com/argoproj/argo-cd/v2: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis CacheCVE-2024-32476Mediumgithub.com/argoproj/argo-cd/v2: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferencesCVE-2024-31990Mediumgithub.com/argoproj/argo-cd/v2: Argo CD's API server does not enforce project sourceNamespacesCVE-2024-29893Mediumgithub.com/argoproj/argo-cd/v2: ArgoCD's repo server has Uncontrolled Resource Consumption vulnerabilityCVE-2024-21662Mediumgithub.com/argoproj/argo-cd/v2: Bypassing Rate Limit and Brute Force Protection Using Cache OverflowCVE-2024-21661Highgithub.com/argoproj/argo-cd: Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded EnvironmentCVE-2024-21652Criticalgithub.com/argoproj/argo-cd/v2: Bypassing Brute Force Protection via Application Crash and In-Memory Data LossCVE-2024-28175Criticalgithub.com/argoproj/argo-cd/v2: Cross-site scripting on application summary componentCVE-2023-50726Mediumgithub.com/argoproj/argo-cd: Users with `create` but not `override` privileges can perform local syncCVE-2024-22424Highgithub.com/argoproj/argo-cd: github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerabilityCVE-2023-40026Mediumgithub.com/argoproj/argo-cd: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-serverCVE-2023-40584Mediumgithub.com/argoproj/argo-cd/v2: Argo CD repo-server Denial of Service vulnerabilityCVE-2023-40029Criticalgithub.com/argoproj/argo-cd/v2: Argo CD cluster secret might leak in cluster details pageCVE-2023-40025Highgithub.com/argoproj/argo-cd/v2: Argo CD web terminal session doesn't expireCVE-2022-41354Mediumgithub.com/argoproj/argo-cd: Argo CD authenticated but unauthorized users may enumerate Application names via the API

Stop the waste.
Protect your environment with Kodem.