Security Advisories · argoproj/argo-cd · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd
GHSA-92mw-q256-5vwg published Jan 18, 2024 by crenshaw-dev

High
Unauthenticated Access to sensitive settings in Argo CD
GHSA-87p9-x75h-p4j2 published Jun 6, 2024 by pasha-codefresh

Moderate
Users with `create` but not `override` privileges can perform local sync
GHSA-g623-jcgg-mhmm published Mar 13, 2024 by crenshaw-dev

Moderate
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
GHSA-2vgg-9h6w-m454 published Mar 18, 2024 by crenshaw-dev

Moderate
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
GHSA-6v85-wr92-q4p7 published Mar 18, 2024 by crenshaw-dev

High
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
GHSA-x32m-mvfj-52xv published Mar 18, 2024 by crenshaw-dev

Moderate
API server does not enforce project sourceNamespaces
GHSA-2gvw-w6fj-7m3c published Apr 15, 2024 by pasha-codefresh

Moderate
Cross-site scripting on application summary component
GHSA-jwv5-8mqv-g387 published Mar 13, 2024 by crenshaw-dev

Critical
Cross-site scripting on repositories page
GHSA-2hj5-g64g-fp6p published May 28, 2025 by crenshaw-dev

Critical
Secret values are not scrubbed from patch errors
GHSA-47g2-qmh2-749v published Jan 30, 2025 by jannfis

Moderate