GO-2025-3994 Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd

Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd...

GO-2025-3993 Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd...

EUVD-2025-31768

Malicious code in bioql PyPI...

CVE-2025-59538

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...

CVE-2025-55191 Repository Credentials Race Condition Crashes Argo CD Server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic and crash when...

GHSA-G88P-R42R-PPP9 Repository Credentials Race Condition Crashes Argo CD Server

Summary A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details The vulnerability is located in numerous repository related handlers in the util/db/repositorysecrets.go file...

Repository Credentials Race Condition Crashes Argo CD Server

Summary A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details The vulnerability is located in numerous repository related handlers in the util/db/repositorysecrets.go file...

PT-2025-40043

Summary A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details The vulnerability is located in numerous repository related handlers in the util/db/repository secrets.go fil...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...