ROOT-APP-GOBINARY-CVE-2025-32445 CVE-2025-32445 in rootio-github.com/argoproj/argo-events - Patched by Root

Root has patched CVE-2025-32445 in the rootio-github.com/argoproj/argo-events package for Root:Go. Multiple fixed versions available...

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: wolfictl, chainctl-fips, kubescape, nuclei, zot, grype-db, redpanda-console, syft-fips, act, cloudbeat, gitaly, zarf-fips, argo-cd-fips, steampipe, commercial-chainloop-cli, kaniko-fips, flux-image-automation-controller, xeol-fips, tfsec, gitea-fips, nemo,...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: gitlab-kas, cluster-autoscaler, cloud-provider-aws, kubescape, cue, kube-arangodb, kube-vip, opencost, bento, otel-cli, vault-benchmark, tkn, kyverno-notation-aws, descheduler, db-operator, kine, mcp-grafana, nuclei, promxy, secrets-store-csi-driver-provider-azure,...

CVE-2026-25934 vulnerabilities

Vulnerabilities for packages: wolfictl, kubescape, chezmoi, nuclei, zot, grype-db, syft-fips, flux-source-watcher-fips, cloudbeat, gitaly, flux-kustomize-controller, argo-cd-fips, steampipe, flux-image-automation-controller, xeol-fips, tfsec, gitea-fips, nemo, gitlab-runner, amazon-ssm-agent-fips...

GHSA-37CX-329C-33X3 vulnerabilities

Vulnerabilities for packages: wolfictl, kubescape, chezmoi, nuclei, zot, grype-db, syft-fips, flux-source-watcher-fips, cloudbeat, gitaly, flux-kustomize-controller, argo-cd-fips, steampipe, flux-image-automation-controller, xeol-fips, tfsec, gitea-fips, nemo, gitlab-runner, amazon-ssm-agent-fips...

CVE-2022-31054

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...

GHSA-9MJ6-HXHV-W67J vulnerabilities

Vulnerabilities for packages: jitsucom-bulker, telegraf, sqlexporter, dapr, opentelemetry-collector-contrib, grafana-alloy, bento, cluster-api-aws-controller, splunk-otel-collector, argo-events...

CVE-2025-63811 vulnerabilities

Vulnerabilities for packages: jitsucom-bulker, telegraf, sqlexporter, dapr, opentelemetry-collector-contrib, grafana-alloy, bento, cluster-api-aws-controller, splunk-otel-collector, argo-events...

GHSA-9MJ6-HXHV-W67J vulnerabilities

Vulnerabilities for packages: jitsucom-bulker, telegraf, sqlexporter, dapr, sqlexporter-fips, opentelemetry-collector-contrib, vault-fips, bento, dapr-fips, grafana-alloy, splunk-otel-collector-fips, cluster-api-aws-controller, cluster-api-aws-controller-fips, splunk-otel-collector, argo-events,...

CVE-2025-63811 vulnerabilities

Vulnerabilities for packages: jitsucom-bulker, telegraf, sqlexporter, dapr, sqlexporter-fips, opentelemetry-collector-contrib, vault-fips, bento, dapr-fips, grafana-alloy, splunk-otel-collector-fips, cluster-api-aws-controller, cluster-api-aws-controller-fips, splunk-otel-collector, argo-events,...

EUVD-2025-10986

Malicious code in bioql PyPI...

EUVD-2025-10910

Malicious code in bioql PyPI...

EUVD-2022-5946

Malicious code in bioql PyPI...

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: gitlab-kas, jaeger-operator-fips, minio-fips, hydra, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, db-operator, promxy, kubernetes-csi-external-provisioner-fips, nri-mysql, kiam, kapp-controller-fips, conjur-cli, docker-machine-driver-harvester,...

SUSE CVE-2025-32445

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...

Privilege Escalation

github.com/argoproj/argo-events is vulnerable to Privilege Escalation. The vulnerability is due to insufficient permission controls due to allowing users with EventSource and Sensor custom resource permissions to escalate privileges and gain access to the host system and cluster...

GO-2025-3608 Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR in github.com/argoproj/argo-events

Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR in github.com/argoproj/argo-events...

GHSA-HMP7-X699-CVHQ vulnerabilities

Vulnerabilities for packages: argo-events-fips...

CVE-2025-32445 vulnerabilities

Vulnerabilities for packages: argo-events-fips...

CVE-2025-32445

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...