| CVE-2026-42880 |
critical |
9.6 |
9.6 |
|
|
|
22d ago |
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction |
| CVE-2026-45738 |
high |
— |
8.0 |
|
|
|
10d ago |
Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation |
| CVE-2026-45737 |
medium |
— |
5.5 |
|
|
|
10d ago |
Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations |
| CVE-2025-59538 |
unknown |
— |
— |
|
|
|
8mo ago |
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook in github.com/argoproj/argo-cd |
| CVE-2025-59537 |
unknown |
— |
— |
|
|
|
8mo ago |
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd |
| CVE-2025-59531 |
unknown |
— |
— |
|
|
|
8mo ago |
Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd |
| CVE-2025-55191 |
unknown |
— |
— |
|
|
|
8mo ago |
Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd |
| CVE-2025-55190 |
unknown |
— |
— |
|
|
|
9mo ago |
Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd |
| CVE-2025-47933 |
unknown |
— |
— |
|
|
|
1y ago |
Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd |