argoproj

Top products

The 15 most recently published vulnerabilities affecting argoproj.

• CVE-2026-42296Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure8.1May 9, 2026
• CVE-2026-42295Argo Workflows: Exposure of artifact repository credentials4.9May 9, 2026
• CVE-2026-42294Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor7.5May 9, 2026
• CVE-2026-42183Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)6.5May 9, 2026
• CVE-2026-42297Argo Workflows Is Missing Authorization in Sync ConfigMap Provider8.3May 9, 2026
• CVE-2026-42880ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction9.6May 7, 2026
• CVE-2026-43824In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.7.7May 2, 2026
• CVE-2026-40886Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller7.7Apr 23, 2026
• CVE-2026-31892WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode8.1Mar 11, 2026
• CVE-2026-28229Argo Workflows has unauthorized access to Argo Workflows Template9.8Mar 11, 2026
• CVE-2026-23960Argo Workflows affected by stored XSS in the artifact directory listing5.4Jan 21, 2026
• CVE-2025-66626argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links8.1Dec 9, 2025
• CVE-2025-62157Argo Workflows exposes artifact repository credentials in workflow-controller logs6.5Oct 14, 2025
• CVE-2025-62156argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite8.1Oct 14, 2025
• CVE-2025-59538Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook7.5Oct 1, 2025