GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories
The Argo CD web terminal session does not handle the revocation of user permissions properly
Moderate
CVE-2024-41666 was published for github.com/argoproj/argo-cd/v2 (Go) on Jul 24, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) on Jul 22, 2024
Argo-cd authenticated users can enumerate clusters by name
Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) on Jun 6, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) on May 21, 2024
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Moderate
CVE-2024-32476 was published for github.com/argoproj/argo-cd/v2 (Go) on Apr 26, 2024
Argo CD's API server does not enforce project sourceNamespaces
Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) on Apr 15, 2024
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 18, 2024
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
High
CVE-2024-21661 was published for github.com/argoproj/argo-cd (Go) on Mar 18, 2024
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Moderate
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 18, 2024
Cross-site scripting on application summary component
Critical
CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) on Mar 15, 2024
Users with `create` but not `override` privileges can perform local sync
Moderate
CVE-2023-50726 was published for github.com/argoproj/argo-cd (Go) on Mar 15, 2024
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Moderate
CVE-2023-40026 was published for github.com/argoproj/argo-cd (Go) on Sep 27, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets
Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) on Feb 16, 2023
Controller reconciles apps outside configured namespaces when sharding is enabled
High
CVE-2023-22736 was published for github.com/argoproj/argo-cd (Go) on Jan 25, 2023
Argo CD certificate verification is skipped for connections to OIDC providers
High
CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) on Jul 12, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) on Jun 21, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) on May 23, 2022