Github.com/argoproj/argo-cd/v2

This hub aggregates every CVE we track for Github.com/argoproj/argo-cd/v2, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Github.com/argoproj/argo-cd/v2.

• CVE-2025-59538Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook7.5Oct 1, 2025
• CVE-2025-59537argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload7.5Oct 1, 2025
• CVE-2025-59531Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload7.5Oct 1, 2025
• CVE-2025-55191Repository Credentials Race Condition Crashes Argo CD Server6.5Sep 30, 2025
• CVE-2025-55190Argo CD: Project API Token Exposes Repository Credentials9.9Sep 4, 2025
• CVE-2025-47933Argo CD allows cross-site scripting on repositories page9.0May 29, 2025
• CVE-2025-23216Argo CD does not scrub secret values from patch errors6.8Jan 30, 2025
• CVE-2024-41666The Argo CD web terminal session does not handle the revocation of user permissions properly.4.7Jul 24, 2024
• CVE-2024-40634Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint7.5Jul 22, 2024
• CVE-2024-31989ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache9.0May 21, 2024
• CVE-2024-32476Denial of Service via malicious jqPathExpressions in ignoreDifferences6.5Apr 26, 2024
• CVE-2024-31990Argo CD' API server does not enforce project sourceNamespaces4.8Apr 15, 2024
• CVE-2024-29893Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server6.5Mar 29, 2024
• CVE-2024-21662Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow7.5Mar 18, 2024
• CVE-2024-21661Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment7.5Mar 18, 2024