1060 matches found
GO-2026-4678 Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows
Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows...
Improper Neutralization of Special Elements in Data Query Logic
Overview graphiti-core is an A temporal graph building library Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the SearchFilters.nodelabels process. An attacker can execute arbitrary Cypher queries within the privileges of th...
Contagious Interview: Malware delivered through fake developer job interviews
Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...
Contagious Interview: Malware delivered through fake developer job interviews
Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...
GHSA-CMV8-6362-R5W9 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2022-29164 vulnerabilities
Vulnerabilities for packages: argo-workflows...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the podSpecPatch when including a podSpecPatch field in their Workflow submission. An attacker can override security restrictions defined in approved templates by submitting a workflow that includes a crafted...
Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...
EUVD-2026-11206
Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode...
GHSA-3WF5-G532-RCRR Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...
GHSA-CMV8-6362-R5W9 vulnerabilities
Vulnerabilities for packages: argo-workflows, argo-workflows-fips...
CVE-2022-29164 vulnerabilities
Vulnerabilities for packages: argo-workflows, argo-workflows-fips...
CVE-2026-31892
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
CVE-2026-28229
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...
CVE-2026-31892
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
CVE-2026-31892
Argo Workflows (open source container-native workflow engine for Kubernetes) contains a vulnerability in which a user who can submit Workflows can bypass all security settings defined in a WorkflowTemplate by supplying a podSpecPatch in the submitted Workflow. The podSpecPatch overrides the refer...
CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
CVE-2026-28229
Argo Workflows (open source container-native workflow engine for Kubernetes) is affected prior to version 4.0.2 and 3.7.11. The vulnerability affects the WorkflowTemplates and ClusterWorkflowTemplates endpoints, allowing any client with an Authorization: Bearer nothing token to retrieve sensitive...