| CVE-2026-45738 | high | — | 8.0 | 10d ago | Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation |
| CVE-2025-59538 | unknown | — | — | 8mo ago | Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook in github.com/argoproj/argo-cd |
| CVE-2025-59537 | unknown | — | — | 8mo ago | argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd |
| CVE-2025-59531 | unknown | — | — | 8mo ago | Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd |
| CVE-2025-55191 | unknown | — | — | 8mo ago | Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd |
| CVE-2025-55190 | unknown | — | — | 9mo ago | Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd |
| CVE-2025-47933 | unknown | — | — | 1y ago | Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd |
| CVE-2025-23216 | unknown | — | — | 1y ago | Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd |
| CVE-2024-41666 | unknown | — | — | 2y ago | The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd |
| CVE-2024-40634 | unknown | — | — | 2y ago | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd |
| CVE-2024-37152 | unknown | — | — | 2y ago | Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd |
| CVE-2024-36106 | unknown | — | — | 2y ago | Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd |
| CVE-2024-31989 | unknown | — | — | 2y ago | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd |
| CVE-2024-32476 | unknown | — | — | 2y ago | Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd |
| CVE-2024-31990 | unknown | — | — | 2y ago | Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd |
| CVE-2024-29893 | unknown | — | — | 2y ago | Out of memory crash from malicious Helm registry in github.com/argoproj/argo-cd/v2 |
| CVE-2024-21652 | unknown | — | — | 2y ago | Brute force protection bypass in github.com/argoproj/argo-cd/v2 |
| CVE-2024-21662 | unknown | — | — | 2y ago | Brute force protection bypass in github.com/argoproj/argo-cd/v2 |
| CVE-2024-21661 | unknown | — | — | 2y ago | Denial of service in github.com/argoproj/argo-cd/v2 |
| CVE-2024-28175 | unknown | — | — | 2y ago | Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2 |
| CVE-2023-50726 | unknown | — | — | 2y ago | Bypass manifest during application creation in github.com/argoproj/argo-cd/v2 |
| CVE-2024-22424 | unknown | — | — | 2y ago | github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability |
| CVE-2023-40026 | unknown | — | — | 3y ago | Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd |
| CVE-2023-40584 | unknown | — | — | 3y ago | Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd |
| CVE-2023-40029 | unknown | — | — | 3y ago | Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd |
| CVE-2023-40025 | unknown | — | — | 3y ago | Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd |
| CVE-2022-41354 | unknown | — | — | 3y ago | Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd |
| CVE-2023-23947 | unknown | — | — | 3y ago | Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd |
| CVE-2023-25163 | unknown | — | — | 3y ago | Repository access credential leak in github.com/argoproj/argo-cd/v2 |
| CVE-2023-22482 | unknown | — | — | 3y ago | JWT audience claim is not verified in github.com/argoproj/argo-cd |
| CVE-2023-22736 | unknown | — | — | 3y ago | Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd |
| CVE-2022-1025 | unknown | — | — | 4y ago | Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd |
| CVE-2022-31102 | unknown | — | — | 4y ago | Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd |
| CVE-2022-31105 | unknown | — | — | 4y ago | Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd |
| CVE-2022-31016 | unknown | — | — | 4y ago | DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd |
| CVE-2022-31036 | unknown | — | — | 4y ago | Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd |
| CVE-2022-31035 | unknown | — | — | 4y ago | Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd |
| CVE-2022-31034 | unknown | — | — | 4y ago | Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd |
| CVE-2022-29165 | unknown | — | — | 4y ago | Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd |
| CVE-2022-24905 | unknown | — | — | 4y ago | Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd |
| CVE-2022-24904 | unknown | — | — | 4y ago | Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd |
| CVE-2022-24768 | unknown | — | — | 4y ago | Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd |
| CVE-2022-24731 | unknown | — | — | 4y ago | Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd |
| CVE-2022-24730 | unknown | — | — | 4y ago | Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd |
| CVE-2022-24348 | unknown | — | — | 4y ago | Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd |
| CVE-2021-23347 | unknown | — | — | 5y ago | Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd |