10 matches found

OSV
added 2025/10/23 4:25 p.m., 2 views

GO-2025-3996 argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd

argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd...

CVSS 7.5, AI score 7.1, EPSS 0.003
Exploits: 1, References: 3

OSV
added 2025/10/06 8:54 a.m., 2 views

BIT-ARGO-CD-2025-59537 argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0 through 2.14.19, 3.0.0 through 3.2.0, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the...

CVSS 7.5, AI score 7.3, EPSS 0.003
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-31766

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.003
Exploits: 1, References: 4

NVD
added 2025/10/01 9:16 p.m., 1 views

CVE-2025-59537

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate client...

CVSS 7.5, EPSS 0.003
Exploits: 1, References: 2

CVE
added 2025/10/01 9:1 p.m., 10 views

CVE-2025-59537

CVE-2025-59537 affects Argo CD. Affected: Argo CD server components in versions 1.2.0–1.8.7, 2.0.0-rc1–2.14.19, 3.0.0-rc1–3.2.0-rc1, 3.1.7, and 3.0.18. Description: receiving a Gogs push webhook with commits[].repo missing or null can crash the argocd-server process via the /api/webhook endpoint,...

CVSS 7.5, AI score 6.3, EPSS 0.003
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2025/10/01 9:1 p.m., 5 views

CVE-2025-59537 argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate client...

CVSS 7.5, EPSS 0.003
Exploits: 1, References: 2

Vulnrichment
added 2025/10/01 9:1 p.m., 0 views

CVE-2025-59537 argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate client...

CVSS 7.5, AI score 6.3, EPSS 0.003
Exploits: 1, References: 2

Github Security Blog
added 2025/09/30 6:28 p.m., 5 views

argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload

Summary: Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no webhook.gogs.secret set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server process whe...

CVSS 7.5, AI score 7, EPSS 0.003
Exploits: 1, References: 5, Affected Software: 3

OSV
added 2025/09/30 6:28 p.m., 1 views

GHSA-WP4P-9PXH-CGX2 argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload

Summary: Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no webhook.gogs.secret set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server process whe...

CVSS 7.5, AI score 7, EPSS 0.003
Exploits: 1, References: 5

OSV
added 2022/06/03 3:35 p.m., 23 views

GHSA-W689-557M-2CVQ Server-Side Request Forgery in gogs webhook

Impact: The malicious user is able to discover services in the internal network through webhook functionality. All installations accepting public traffic are affected. Patches: Webhook payload URLs are revalidated before each delivery to make sure they are not resolved to blocked local network...

CVSS 8.3, AI score 6.2, EPSS 0.0079
Exploits: 1, References: 5