go

github.com/argoproj/argo-cd/v2

79 Total advisories
79 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 7.3
Go

CVE-2026-45738

Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation

UNKNOWN
Go

CVE-2025-59531

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2025-59537

argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd

HIGH 7.7
Go

CVE-2022-24348

Path traversal and dereference of symlinks in Argo CD

MEDIUM 4.7
Go

CVE-2021-23347

Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2

MEDIUM 5.3
Go

CVE-2022-41354

Argo CD authenticated but unauthorized users may enumerate Application names via the API

UNKNOWN
Go

CVE-2022-24768

Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-1025

Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

HIGH 8.8
Go

CVE-2022-1025

Argo CD improper access control bug can allow malicious user to escalate privileges to admin level

UNKNOWN
Go

CVE-2024-37152

Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2023-40026

Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2023-40029

Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2023-40584

Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-41354

Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2023-23947

Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2023-22482

JWT audience claim is not verified in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2023-22736

Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-31105

Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-31036

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-31102

Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-24348

Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2024-36106

Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2023-40025

Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-31016

DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-31035

Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-31034

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-29165

Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-24905

Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-24904

Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-24731

Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2022-24730

Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

CRITICAL 9.9
Go

CVE-2025-55190

Argo CD's Project API Token Exposes Repository Credentials

UNKNOWN
Go

CVE-2024-21652

Brute force protection bypass in github.com/argoproj/argo-cd/v2

UNKNOWN
Go

CVE-2024-40634

Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

MEDIUM 4.8
Go

CVE-2024-31990

Argo CD's API server does not enforce project sourceNamespaces

CRITICAL 9.0
Go

CVE-2024-31989

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

MEDIUM 5.4
Go

CVE-2024-21652

Bypassing Rate Limit and Brute Force Protection Using Cache Overflow

UNKNOWN
Go

CVE-2025-23216

Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2024-28175

Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

MEDIUM 6.5
Go

CVE-2024-32476

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences

CRITICAL 9.0
Go

CVE-2025-47933

Argo CD allows cross-site scripting on repositories page

UNKNOWN
Go

CVE-2025-55190

Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd

CRITICAL 9.8
Go

CVE-2024-21652

Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss

UNKNOWN
Go

CVE-2024-41666

The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2024-31989

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2024-32476

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2024-29893

Out of memory crash from malicious Helm registry in github.com/argoproj/argo-cd/v2

MEDIUM 6.4
Go

CVE-2023-50726

Users with `create` but not `override` privileges can perform local sync

UNKNOWN
Go

CVE-2023-50726

Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

CRITICAL 9.0
Go

CVE-2024-28175

Cross-site scripting on application summary component

MEDIUM 6.5
Go

CVE-2024-29893

ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability

UNKNOWN
Go

CVE-2025-47933

Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd

MEDIUM 6.8
Go

CVE-2025-23216

Argo CD does not scrub secret values from patch errors

UNKNOWN
Go

CVE-2024-31990

Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

HIGH 7.5
Go

CVE-2024-40634

Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

HIGH 8.3
Go

CVE-2024-22424

github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability

MEDIUM 4.7
Go

CVE-2024-41666

The Argo CD web terminal session does not handle the revocation of user permissions properly

HIGH 7.5
Go

CVE-2025-59538

Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook

HIGH 7.5
Go

CVE-2025-59537

argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload

HIGH 7.5
Go

CVE-2025-59531

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload

MEDIUM 6.5
Go

CVE-2025-55191

Repository Credentials Race Condition Crashes Argo CD Server

UNKNOWN
Go

CVE-2025-55191

Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd

UNKNOWN
Go

CVE-2025-59538

Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook in github.com/argoproj/argo-cd

HIGH 7.1
Go

CVE-2023-40025

Argo CD web terminal session doesn't expire

HIGH 8.5
Go

CVE-2023-22736

Controller reconciles apps outside configured namespaces when sharding is enabled

MEDIUM 6.3
Go

CVE-2023-25163

Argo CD leaks repository credentials in user-facing error messages and in logs

CRITICAL 9.0
Go

CVE-2022-31035

Argo CD's external URLs for Deployments can include JavaScript

CRITICAL 10.0
Go

CVE-2022-29165

Argo CD will blindly trust JWT claims if anonymous access is enabled

MEDIUM 4.3
Go

CVE-2022-31036

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

MEDIUM 6.5
Go

CVE-2022-31016

DoS through large manifest files in Argo CD

MEDIUM 4.3
Go

CVE-2022-24904

Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server

HIGH 8.3
Go

CVE-2022-31034

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params

MEDIUM 4.3
Go

CVE-2022-24905

Login screen allows message spoofing if SSO is enabled

MEDIUM 5.0
Go

CVE-2023-40026

Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server

MEDIUM 6.5
Go

CVE-2023-40584

Argo CD repo-server Denial of Service vulnerability

CRITICAL 9.9
Go

CVE-2023-40029

Argo CD cluster secret might leak in cluster details page

HIGH 7.5
Go

CVE-2024-21661

Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

UNKNOWN
Go

CVE-2024-21661

Denial of service in github.com/argoproj/argo-cd/v2

UNKNOWN
Go

CVE-2023-25163

Repository access credential leak in github.com/argoproj/argo-cd/v2
