ArgoCD Project API Token Repository Credentials Exposure
Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Argoproj Argo_Cd
CVE-2026-42880 — ArgoCD Secret Exposure via ServerSideDiff A...
GHSA-H98R-WV3H-FR38 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argo-cd...
CVE-2026-45738 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argo-cd...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: trufflehog, steampipe, pulumi-language-yaml, kots, wolfictl, tfsec, bom, pulumi-language-java, grafana-alloy, argo-cd, gptscript, act, external-secrets-operator, gitaly, nfpm, gitlab-runner, gitsign, kubevela, gitea, src-fingerprint, xeol, skaffold, zot, nuclei,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: trufflehog, steampipe, pulumi-language-yaml, kots, wolfictl, tfsec, bom, pulumi-language-java, grafana-alloy, argo-cd, gptscript, act, external-secrets-operator, gitaly, nfpm, gitlab-runner, gitsign, kubevela, gitea, src-fingerprint, xeol, skaffold, zot, nuclei,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: trufflehog, steampipe, pulumi-language-yaml, kots, wolfictl, tfsec, bom, pulumi-language-java, grafana-alloy, argo-cd, gptscript, act, external-secrets-operator, gitaly, nfpm, gitlab-runner, gitsign, kubevela, gitea, src-fingerprint, xeol, skaffold, zot, nuclei,...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: trufflehog, steampipe, pulumi-language-yaml, kots, wolfictl, tfsec, bom, pulumi-language-java, grafana-alloy, argo-cd, gptscript, act, external-secrets-operator, gitaly, nfpm, gitlab-runner, gitsign, kubevela, gitea, src-fingerprint, xeol, skaffold, zot, nuclei,...
CVE-2026-45738 vulnerabilities
Vulnerabilities for packages: argo-cd, argocd-image-updater-fips, argocd-image-updater...
GHSA-H98R-WV3H-FR38 vulnerabilities
Vulnerabilities for packages: argo-cd, argocd-image-updater-fips, argocd-image-updater...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: cloudbeat, kaniko, cerbos, packer, external-secrets-operator-fips, gitsign, cloudbeat-fips, trivy-fips, apko, chainloop-cli-fips, grype, pulumi-language-java, flux-image-automation-controller, argo-workflows, src-fingerprint-fips, zot, tfsec, grafana-alloy, nuclei,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: cloudbeat, kaniko, cerbos, packer, external-secrets-operator-fips, gitsign, cloudbeat-fips, trivy-fips, apko, chainloop-cli-fips, grype, pulumi-language-java, flux-image-automation-controller, argo-workflows, src-fingerprint-fips, zot, tfsec, grafana-alloy, nuclei,...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: cloudbeat, kaniko, cerbos, packer, external-secrets-operator-fips, gitsign, cloudbeat-fips, trivy-fips, apko, chainloop-cli-fips, grype, pulumi-language-java, flux-image-automation-controller, argo-workflows, src-fingerprint-fips, zot, tfsec, grafana-alloy, nuclei,...
Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
Summary: A user with application write access (developer role) can set link.argocd.argoproj.io/ annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's URLs section as elements without URL validation. Using the pipe-separator trick Display Text |...
GHSA-RG3G-4RW9-GQRP Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
Summary: The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation. The prior fix masks top-level Secret data in ServerSideDiff responses, but it...
Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
Summary: The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation. The prior fix masks top-level Secret data in ServerSideDiff responses, but it...
CLEANSTART-2026-TT42218 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61732, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, CVE-2026-34986, CVE-2026-35469, CVE-2026-39883, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-3xc5-wrhm-f963, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-78h2-9frx-2jm8, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-jhf3-xxhw-2wpp, ghsa-mh2q-q3fh-2475, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.12-r0, 3.1.12-r1, 3.1.14-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-LU21824 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, CVE-2026-34986, CVE-2026-35469, CVE-2026-39883, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-3xc5-wrhm-f963, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-78h2-9frx-2jm8, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-jhf3-xxhw-2wpp, ghsa-mh2q-q3fh-2475, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.2.7-r1, 3.2.9-r0
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-NT80635 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, CVE-2026-29181, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, CVE-2026-35469, CVE-2026-39883, CVE-2026-41506, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-3xc5-wrhm-f963, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-jhf3-xxhw-2wpp, ghsa-mh2q-q3fh-2475, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-pc3f-x583-g7j2 applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.3.2-r1, 3.3.3-r0, 3.3.4-r0, 3.3.7-r0
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-QW64-3X98-G7Q2 vulnerabilities
Vulnerabilities for packages: argo-cd-fips, cerbos, skaffold-fips, cerbos-fips, chainloop-cli, seaweedfs-rocksdb, amazon-ssm-agent, syft-fips, nemo, chainloop-cli-fips, rancher-fleet, rclone-fips, scorecard, seaweedfs-rocksdb-fips, terragrunt, gitaly, kyverno-fips, teleport, gitlab-rails-ce-fips,...