Security: argoproj/argo-cd
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Cross-site scripting on application summary componentGHSA-jwv5-8mqv-g387 published
Mar 13, 2024 by crenshaw-devCritical -
Cross-site scripting on repositories pageGHSA-2hj5-g64g-fp6p published
May 28, 2025 by crenshaw-devCritical -
Secret values are not scrubbed from patch errorsGHSA-47g2-qmh2-749v published
Jan 30, 2025 by jannfisModerate -
Cluster secret might leak in cluster details pageGHSA-fwr2-64vr-xv9m published
Sep 7, 2023 by jannfisCritical -
Argo CD leaks repository credentials in user-facing error messages and in logsGHSA-mv6w-j4xc-qpfw published
Feb 8, 2023 by crenshaw-devModerate -
Denial of Service to Argo CD repo-serverGHSA-g687-f2gx-6wm8 published
Sep 7, 2023 by jannfisModerate -
Users with any cluster secret update access may update out-of-bounds cluster secretsGHSA-3jfq-742w-xg8j published
Feb 16, 2023 by crenshaw-devCritical -
Authenticated users can enumerate clusters by nameGHSA-3cqf-953p-h5cp published
Jun 6, 2024 by pasha-codefreshModerate -
Controller reconciles apps outside configured namespaces when sharding is enabledGHSA-6p4m-hw2h-6gmw published
Jan 25, 2023 by crenshaw-devHigh -
Web terminal session doesn't expireGHSA-c8xw-vjgf-94hr published
Aug 23, 2023 by crenshaw-devModerate