Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/argoproj/argo-cd/v3

View on go registry
15 Total advisories
15 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 7.3
Go

CVE-2026-45738

Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
MEDIUM 6.3
Go

CVE-2026-45737

Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
CRITICAL 9.6
Go

CVE-2026-42880

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
UNKNOWN
Go

CVE-2025-59531

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd
UNKNOWN
Go

CVE-2025-59537

argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd
CRITICAL 9.9
Go

CVE-2025-55190

Argo CD's Project API Token Exposes Repository Credentials
CRITICAL 9.0
Go

CVE-2025-47933

Argo CD allows cross-site scripting on repositories page
UNKNOWN
Go

CVE-2025-55190

Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd
UNKNOWN
Go

CVE-2025-47933

Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd
HIGH 7.5
Go

CVE-2025-59538

Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
HIGH 7.5
Go

CVE-2025-59537

argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload
HIGH 7.5
Go

CVE-2025-59531

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload
MEDIUM 6.5
Go

CVE-2025-55191

Repository Credentials Race Condition Crashes Argo CD Server
UNKNOWN
Go

CVE-2025-55191

Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd
UNKNOWN
Go

CVE-2025-59538

Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook in github.com/argoproj/argo-cd

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes