29 matches found
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-pubsub, witness, crossplane-provider-azure-sql, cert-manager-cmctl, newrelic-infrastructure-agent, sftpgo, terraform-provider-pagerduty, rabbitmq-messaging-topology-operator, flux-source-controller, envoy-gateway, secrets-store-csi-driver-provider-aws,...
CVE-2022-31054
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...
CVE-2025-63811 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector, cluster-api-aws-controller, jitsucom-bulker, bento, grafana-alloy, sqlexporter, argo-events, dapr, telegraf, opentelemetry-collector-contrib...
GHSA-9MJ6-HXHV-W67J vulnerabilities
Vulnerabilities for packages: argo-events-fips, splunk-otel-collector, dapr-fips, cluster-api-aws-controller, jitsucom-bulker, bento, grafana-alloy, splunk-otel-collector-fips, sqlexporter-fips, vault-fips, cluster-api-aws-controller-fips, sqlexporter, vault, argo-events, dapr, telegraf,...
CVE-2025-63811 vulnerabilities
Vulnerabilities for packages: argo-events-fips, splunk-otel-collector, dapr-fips, cluster-api-aws-controller, jitsucom-bulker, bento, grafana-alloy, splunk-otel-collector-fips, sqlexporter-fips, vault-fips, cluster-api-aws-controller-fips, sqlexporter, vault, argo-events, dapr, telegraf,...
EUVD-2022-5946
Malicious code in bioql PyPI...
SUSE CVE-2025-32445
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...
Privilege Escalation
github.com/argoproj/argo-events is vulnerable to Privilege Escalation. The vulnerability stems from insufficient permission controls that allow users with EventSource and Sensor custom resource permissions to escalate privileges and gain access to the host system and cluster...
GO-2025-3608 Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR in github.com/argoproj/argo-events
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR in github.com/argoproj/argo-events...
CVE-2025-32445
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...
CVE-2025-32445 Users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...
Privilege Chaining
Overview: Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...
CVE-2023-37475 vulnerabilities
Vulnerabilities for packages: argo-events-fips, argo-events...
CVE-2022-25856
The CVE-2022-25856 entry affects the Argo Events project: the GitArtifactReader.Read() implementation in the sensors/artifacts code path (git.go) allows directory traversal, enabling an attacker to read arbitrary files when a path contains a symbolic link or an implicit directory (e.g., using ../...
GHSA-QPGX-64H2-GC3C Insecure path traversal in Git Trigger Source can lead to arbitrary file read
Impact: A path traversal issue was found in the (g *GitArtifactReader).Read API. Read calls into (g *GitArtifactReader).readFromRepository that opens and reads the file that contains the trigger resource definition: func (g *GitArtifactReader) readFromRepository(r *git.Repository, dir string) No checks are...
Insecure path traversal in Git Trigger Source can lead to arbitrary file read
Impact: A path traversal issue was found in the (g *GitArtifactReader).Read API. Read calls into (g *GitArtifactReader).readFromRepository that opens and reads the file that contains the trigger resource definition: func (g *GitArtifactReader) readFromRepository(r *git.Repository, dir string) No checks are...
GHSA-5Q86-62XR-3R57 Uses of deprecated API can be used to cause DoS in user-facing endpoints
Impact: Several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. Eventsources susceptible to an out-of-memor...