Argo-cd

This hub aggregates every CVE we track for Argo-cd, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Argo-cd.

• CVE-2026-42880ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction9.6May 7, 2026
• CVE-2025-59538Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook7.5Oct 1, 2025
• CVE-2025-59537argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload7.5Oct 1, 2025
• CVE-2025-59531Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload7.5Oct 1, 2025
• CVE-2025-55191Repository Credentials Race Condition Crashes Argo CD Server6.5Sep 30, 2025
• CVE-2025-55190Argo CD: Project API Token Exposes Repository Credentials9.9Sep 4, 2025
• CVE-2025-47933Argo CD allows cross-site scripting on repositories page9.0May 29, 2025
• CVE-2025-23216Argo CD does not scrub secret values from patch errors6.8Jan 30, 2025
• CVE-2024-41666The Argo CD web terminal session does not handle the revocation of user permissions properly.4.7Jul 24, 2024
• CVE-2024-40634Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint7.5Jul 22, 2024
• CVE-2024-37152Unauthenticated Access to sensitive settings in Argo CD5.3Jun 6, 2024
• CVE-2024-36106Argo CD allows authenticated users to enumerate clusters by name4.3Jun 6, 2024
• CVE-2024-31989ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache9.0May 21, 2024
• CVE-2024-32476Denial of Service via malicious jqPathExpressions in ignoreDifferences6.5Apr 26, 2024
• CVE-2024-31990Argo CD' API server does not enforce project sourceNamespaces4.8Apr 15, 2024