VYPR

apk package

chainguard/argo-workflow-executor-3.6-compat-fips

pkg:apk/chainguard/argo-workflow-executor-3.6-compat-fips

Vulnerabilities (4)

  • CVE-2025-68156Dec 16, 2025
    affected < 3.6.15-r1fixed 3.6.15-r1

    Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursi

  • CVE-2025-62157Oct 14, 2025
    affected < 3.6.12-r0fixed 3.6.12-r0

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attack

  • CVE-2025-62156Oct 14, 2025
    affected < 3.6.12-r0fixed 3.6.12-r0

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack

  • CVE-2025-8556LowAug 6, 2025
    affected < 3.6.11-r1fixed 3.6.11-r1

    A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.