argo-cd — Vulnerabilities & Security Advisories (42)

All 42 CVE vulnerabilities found in argo-cd, with AI-generated Chinese analysis, references, and POCs.

This page aggregates vulnerability information for the Argo CD product, focusing on security weaknesses within the continuous delivery platform. It collects data regarding common security flaws, including injection attacks, cross-site scripting, and improper access control mechanisms found in the Argo CD ecosystem. The database covers publicly disclosed vulnerabilities from the initial release of the software through the present day, ensuring a comprehensive historical record for security analysts and DevOps engineers. Users can utilize this resource to track advisories issued by the Argo CD vendor, allowing them to stay informed about specific patches and mitigation strategies. Additionally, the page enables a deeper understanding of broader weakness classes as they apply to GitOps practices, helping teams identify patterns in how similar flaws manifest across related tools. By exploring the detailed vulnerability history of Argo CD, stakeholders can assess the long-term security posture of their CI/CD pipelines and prioritize remediation efforts based on severity and exploitability. This centralized view simplifies the process of monitoring security risks associated with the product, reducing the need to search multiple external sources. The information provided is structured to support both immediate incident response and long-term architectural security reviews, making it a valuable asset for maintaining robust continuous delivery environments.

Vendor: argoproj

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42880 | ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction | CWE-200 | 9.6 | Critical | 2026-05-07 |
| CVE-2025-59538 | Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook | CWE-248 | 7.5 | High | 2025-10-01 |
| CVE-2025-59537 | argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload | CWE-20 | 7.5 | High | 2025-10-01 |
| CVE-2025-59531 | Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload | CWE-703 | 7.5 | High | 2025-10-01 |
| CVE-2025-55191 | Repository Credentials Race Condition Crashes Argo CD Server | CWE-362 | 6.5 | Medium | 2025-09-30 |
| CVE-2025-55190 | Argo CD: Project API Token Exposes Repository Credentials | CWE-200 | 10.0 | Critical | 2025-09-04 |
| CVE-2025-47933 | Argo CD allows cross-site scripting on repositories page | CWE-79 | 9.1 | Critical | 2025-05-29 |
| CVE-2025-23216 | Argo CD does not scrub secret values from patch errors | CWE-209 | 6.8 | Medium | 2025-01-30 |
| CVE-2024-41666 | The Argo CD web terminal session does not handle the revocation of user permissions properly. | CWE-269 | 4.7 | Medium | 2024-07-24 |
| CVE-2024-40634 | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint | CWE-400 | 7.5 | High | 2024-07-22 |
| CVE-2024-37152 | Unauthenticated Access to sensitive settings in Argo CD | CWE-287 | 5.3 | Medium | 2024-06-06 |
| CVE-2024-36106 | Argo CD allows authenticated users to enumerate clusters by name | CWE-209 | 4.3 | Medium | 2024-06-06 |
| CVE-2024-31989 | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache | CWE-327 | 9.1 | Critical | 2024-05-21 |
| CVE-2024-32476 | Denial of Service via malicious jqPathExpressions in ignoreDifferences | CWE-400 | 6.5 | Medium | 2024-04-26 |
| CVE-2024-31990 | Argo CD's API server does not enforce project sourceNamespaces | CWE-863 | 4.8 | Medium | 2024-04-15 |
| CVE-2024-29893 | Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server | CWE-400 | 6.5 | Medium | 2024-03-29 |
| CVE-2024-21662 | Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow | CWE-307 | 7.5 | High | 2024-03-18 |
| CVE-2024-21661 | Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment | CWE-787 | 7.5 | High | 2024-03-18 |
| CVE-2024-21652 | Argo CD vulnerable to Bypassing of Brute Force Protection via Application Crash and In-Memory Data Loss | CWE-307 | 9.8 | Critical | 2024-03-18 |
| CVE-2023-50726 | Users with `create` but not `override` privileges can perform local sync in argo-cd | CWE-269 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-28175 | Cross-site scripting on application summary component in argo-cd | CWE-79 | 9.1 | Critical | 2024-03-13 |
| CVE-2024-22424 | Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd | CWE-352 | 8.4 | High | 2024-01-19 |
| CVE-2023-40026 | Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server | CWE-22 | 5.0 | Medium | 2023-09-27 |
| CVE-2023-40584 | Denial of Service to Argo CD repo-server | CWE-400 | 6.5 | Medium | 2023-09-07 |
| CVE-2023-40029 | Cluster secret might leak in cluster details page in Argo CD | CWE-200 | 9.9 | Critical | 2023-09-07 |
| CVE-2023-40025 | Argo CD web terminal session doesn't expire | CWE-613 | 4.7 | Medium | 2023-08-23 |
| CVE-2023-23947 | Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets | CWE-863 | 9.1 | Critical | 2023-02-16 |
| CVE-2023-25163 | Argo CD leaks repository credentials in user-facing error messages and in logs | CWE-532 | 6.3 | Medium | 2023-02-08 |
| CVE-2023-22736 | argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled | CWE-862 | 8.6 | High | 2023-01-26 |
| CVE-2023-22482 | JWT audience claim is not verified | CWE-863 | 9.1 | Critical | 2023-01-25 |

All 42 known CVE vulnerabilities affecting argo-cd with full Chinese analysis, references, and POCs where available.