argoproj argo cd

56 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-42880
>= 3.2.0 and < 3.2.11
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before
9.6 CRITICAL
CVE-2025-59538
>= 2.9.0 and < 2.14.20
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 throug
7.5 HIGH
CVE-2025-59537
>= 1.2.0 and <= 1.8.7
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19,
7.5 HIGH
CVE-2025-59531
>= 1.2.0 and <= 1.8.7
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19,
7.5 HIGH
CVE-2025-55191
>= 2.1.0 and < 2.14.20
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1
6.5 MEDIUM
CVE-2025-55190
>= 2.2.0 and < 2.13.9
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.1
9.9 CRITICAL
CVE-2025-47933
>= 1.2.1 and < 2.13.8
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacke
9.0 CRITICAL
CVE-2025-23216
< 2.11.13
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed s
6.8 MEDIUM
CVE-2024-41666
>= 2.6.0 and < 2.9.21
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to ge
4.7 MEDIUM
CVE-2024-40634
>= 1.0.0 and < 2.9.20
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD,
7.5 HIGH
CVE-2024-37152
>= 2.9.3 and < 2.9.17
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sens
5.3 MEDIUM
CVE-2024-36106
> 0.11.0 and < 2.9.17
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It's possible for authenticated users to enumerate clu
4.3 MEDIUM
CVE-2024-31989
< 2.8.19
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a dif
9.0 CRITICAL
CVE-2024-32476
>= 2.1.0 and < 2.8.17
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM
6.5 MEDIUM
CVE-2024-31990
>= 2.4.0 and < 2.8.16
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces
4.8 MEDIUM
CVE-2024-29893
>= 2.4.0 and < 2.8.14
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug whe
6.5 MEDIUM
CVE-2024-21662
< 2.8.13
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker
7.5 HIGH
CVE-2024-21661
< 2.8.13
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker
7.5 HIGH
CVE-2024-21652
< 2.8.13
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker
9.8 CRITICAL
CVE-2024-28175
>= 1.0.0 and < 2.8.12
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links spe
9.0 CRITICAL
CVE-2023-50726
>= 1.2.0 and < 2.8.12
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developer
6.4 MEDIUM
CVE-2024-22424
>= 2.8.0 and < 2.8.8
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8
8.3 HIGH
CVE-2023-40026
< 2.3.0
Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0
5.0 MEDIUM
CVE-2023-40584
>= 2.4.0 and < 2.6.15
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the Argo
6.5 MEDIUM
CVE-2023-40029
>= 2.2.0 and < 2.6.15
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo C
9.9 CRITICAL
CVE-2023-40025
>= 2.6.0 and <= 2.6.13
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have
4.7 MEDIUM
CVE-2022-41354
>= 0.5.0 and < 2.4.28
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.
4.3 MEDIUM
CVE-2023-23947
>= 2.3.0 and < 2.3.17
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior t
9.1 CRITICAL
CVE-2023-25163
all versions
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an
6.3 MEDIUM
CVE-2023-22736
>= 2.5.0 and < 2.5.8
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5
8.5 HIGH
CVE-2023-22482
>= 1.8.2 and < 2.3.14
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.
9.0 CRITICAL
CVE-2022-31105
>= 2.3.0 and < 2.3.6
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11,
8.3 HIGH
CVE-2022-31102
>= 2.3.0 and < 2.3.6
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5
2.6 LOW
CVE-2022-1025
>= 0.5.0 and <= 2.1.12
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user
8.8 HIGH
CVE-2022-31036
>= 1.3.0 and < 2.1.6
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnera
4.3 MEDIUM
CVE-2022-31035
>= 1.0.0 and < 2.1.16
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnera
9.0 CRITICAL
CVE-2022-31034
>= 0.11.0 and < 2.1.16
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulner
8.3 HIGH
CVE-2022-31016
>= 0.7.0 and < 2.1.16
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled
6.5 MEDIUM
CVE-2022-29165
>= 1.4.0 and < 2.1.15
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD
10.0 CRITICAL
CVE-2022-24905
>= 0.6.1 and < 2.1.15
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2
4.3 MEDIUM
CVE-2022-24904
>= 0.7.0 and < 2.1.15
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to version
4.3 MEDIUM
CVE-2022-24768
>= 0.5.0 and < 2.1.14
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 ar
9.9 CRITICAL
CVE-2022-24731
>= 1.5.0 and < 2.1.11
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions
6.8 MEDIUM
CVE-2022-24730
>= 1.3.0 and < 2.1.11
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions
7.7 HIGH
CVE-2021-3557
< 1.1.1
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount
6.5 MEDIUM
CVE-2022-24348
< 2.1.9
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate
7.7 HIGH
CVE-2021-23135
>= 1.7.0 and < 1.7.14
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secre
5.9 MEDIUM
CVE-2021-26924
< 1.7.12
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.
6.1 MEDIUM
CVE-2021-26923
< 1.7.12
An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, an
7.5 HIGH
CVE-2021-23347
< 1.7.13
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS
4.7 MEDIUM
CVE-2021-26921
< 1.7.12
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
6.5 MEDIUM
CVE-2018-21034
<= 1.4.2
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and oth
6.5 MEDIUM
CVE-2020-8828
< 1.5.0
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, th
8.8 HIGH
CVE-2020-8827
< 1.5.0
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-brut
7.5 HIGH
CVE-2020-8826
<= 1.5.0
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usabl
7.5 HIGH
CVE-2020-11576
all versions
Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the u
5.3 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin