Github.com/argoproj/argo-cd

This hub aggregates every CVE we track for Github.com/argoproj/argo-cd, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Github.com/argoproj/argo-cd.

• CVE-2025-59537argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload7.5Oct 1, 2025
• CVE-2025-59531Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload7.5Oct 1, 2025
• CVE-2025-47933Argo CD allows cross-site scripting on repositories page9.0May 29, 2025
• CVE-2025-23216Argo CD does not scrub secret values from patch errors6.8Jan 30, 2025
• CVE-2024-40634Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint7.5Jul 22, 2024
• CVE-2024-36106Argo CD allows authenticated users to enumerate clusters by name4.3Jun 6, 2024
• CVE-2024-31989ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache9.0May 21, 2024
• CVE-2024-21661Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment7.5Mar 18, 2024
• CVE-2023-50726Users with `create` but not `override` privileges can perform local sync in argo-cd6.4Mar 13, 2024
• CVE-2024-28175Cross-site scripting on application summary component in argo-cd9.0Mar 13, 2024
• CVE-2024-22424Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd8.3Jan 19, 2024
• CVE-2023-40026Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server5.0Sep 27, 2023
• CVE-2022-41354An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.4.3Mar 27, 2023
• CVE-2023-23947Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets9.1Feb 16, 2023
• CVE-2023-22482JWT audience claim is not verified9.0Jan 25, 2023