VYPR

Go modules package

github.com/argoproj/argo-cd/v3

pkg:golang/github.com/argoproj/argo-cd/v3

Vulnerabilities (7)

  • CVE-2026-42880CriMay 7, 2026
    affected >= 3.2.0, < 3.2.11fixed 3.2.11

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to ex

  • CVE-2025-59538Oct 1, 2025
    affected >= 3.2.0-rc1, < 3.2.0-rc2fixed 3.2.0-rc2

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /a

  • CVE-2025-59537Oct 1, 2025
    affected >= 3.2.0-rc1, < 3.2.0-rc2fixed 3.2.0-rc2

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to

  • CVE-2025-59531Oct 1, 2025
    affected >= 3.2.0-rc1, < 3.2.0-rc2fixed 3.2.0-rc2

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to

  • CVE-2025-55191Sep 30, 2025
    affected >= 3.2.0-rc1, < 3.2.0-rc2fixed 3.2.0-rc2

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic

  • CVE-2025-55190Sep 4, 2025
    affected < 3.0.14fixed 3.0.14

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (

  • CVE-2025-47933May 29, 2025
    affected < 3.0.4fixed 3.0.4

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacke