github.com/argoproj/argo-cd/v2 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/argoproj/argo-cd/v2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (46)
CVE-2022-29165 — CVSS 10.0 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting…
CVE-2023-40029 — CVSS 9.9 (critical): Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD /…
CVE-2025-55190 — CVSS 9.9 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0…
CVE-2022-24768 — CVSS 9.9 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are…
CVE-2024-21652 — CVSS 9.8 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can…
CVE-2026-42880 — CVSS 9.6 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9…
CVE-2023-23947 — CVSS 9.1 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17…
CVE-2023-22482 — CVSS 9.0 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13…
CVE-2024-31989 — CVSS 9.0 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different…
CVE-2025-47933 — CVSS 9.0 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can…
CVE-2024-28175 — CVSS 9.0 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in…
CVE-2022-31035 — CVSS 9.0 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a…
CVE-2022-1025 — CVSS 8.8 (high): All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to…
CVE-2023-22736 — CVSS 8.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and…
CVE-2024-22424 — CVSS 8.3 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and…
CVE-2022-31034 — CVSS 8.3 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a…
CVE-2022-31105 — CVSS 8.3 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6…
CVE-2022-24730 — CVSS 7.7 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11…
CVE-2022-24348 — CVSS 7.7 (high): Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in…
CVE-2025-59537 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19…
CVE-2025-59538 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through…
CVE-2024-40634 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an…
CVE-2024-21661 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can…
CVE-2024-21662 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can…
CVE-2025-59531 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19…
CVE-2022-24731 — CVSS 6.8 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11…
CVE-2025-23216 — CVSS 6.8 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret…
CVE-2022-31016 — CVSS 6.5 (medium): Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory…
CVE-2024-29893 — CVSS 6.5 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the…
CVE-2024-32476 — CVSS 6.5 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq…
CVE-2023-40584 — CVSS 6.5 (medium): Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD…
CVE-2025-55191 — CVSS 6.5 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through…
CVE-2023-50726 — CVSS 6.4 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to…
CVE-2023-25163 — CVSS 6.3 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output…
CVE-2024-37152 — CVSS 5.3 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive…
CVE-2023-40026 — CVSS 5.0 (medium): Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but…
CVE-2024-31990 — CVSS 4.8 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which…
CVE-2023-40025 — CVSS 4.7 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug…
CVE-2024-41666 — CVSS 4.7 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell…
CVE-2021-23347 — CVSS 4.7 (medium): The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO…
CVE-2022-24904 — CVSS 4.3 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m…
CVE-2022-31036 — CVSS 4.3 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a…
CVE-2022-24905 — CVSS 4.3 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4…
CVE-2022-41354 — CVSS 4.3 (medium): An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.
CVE-2024-36106 — CVSS 4.3 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by…
CVE-2022-31102 — CVSS 2.6 (low): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is…