903 matches found
ArgoCD Project API Token Repository Credentials Exposure
Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...
GHSA-5CGQ-3RG8-M6CV vulnerabilities
Vulnerabilities for packages: knative-kafka-broker-fips, harbor, containerd, gitlab-rails-ce, argo-cd, kubernetes, backup-restore-operator, upwind-agent, terragrunt, argo-cd-fips, knative-kafka-broker, keda-fips, traefik, loki, zitadel, k3s, mattermost, flux, mattermost-fips, vitess,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: zot, frankenphp-8.2, juicefs, cilium, gatekeeper-fips, kubescape-server-fips, nuclei, trivy-operator-fips, kubernetes, argocd-image-updater-fips, syft, argo-cd-fips, chainloop-cli-fips, loki, zitadel, prometheus-fips, consul-fips, cilium-cli, flux-source-controller,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: zot, frankenphp-8.2, cilium, gatekeeper-fips, seaweedfs-rocksdb, kubescape-server-fips, trivy-operator-fips, kubernetes, argocd-image-updater-fips, argo-cd-fips, loki, zitadel, prometheus-fips, cilium-cli, flux-source-controller, drone, opentofu, frankenphp-8.4,...
GHSA-5CGQ-3RG8-M6CV vulnerabilities
Vulnerabilities for packages: vitess, argo-cd, prometheus, gitsign, argocd-image-updater, argo-events, mattermost, guac, terragrunt, istio, k3s, containerd, telegraf...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: apko, witness, pulumi-kubernetes-operator, gomplate, go-discover, flux-kustomize-controller, kubernetes, tkn, flux-notification-controller, tekton-chains, vault-benchmark, osv-scanner, zot, gatus, dagger, kine, hcloud, k9s, openbao, docker, opentelemetry-collector,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: flux-source-controller, cilium-cli, cilium, skaffold, containerd, spire-server, loki, telegraf, kubernetes, cloud-provider-aws, fscrypt, knative-serving, gitea, nerdctl, osv-scanner, kots, kubescape, zot, trivy-operator, kine, prometheus-operator, argo-cd,...
GHSA-QPW4-5X99-6VJP vulnerabilities
Vulnerabilities for packages: apko, witness, pulumi-kubernetes-operator, gomplate, kubernetes, zot, osv-scanner, gatus, dagger, kine, k9s, docker, opentelemetry-collector, teleport, rancher-agent, docker-cli-buildx, skaffold, nuclei, act, pulumi-language-yaml, cloud-provider-aws, podman, melange,...
GHSA-89GR-R52H-F8RX vulnerabilities
Vulnerabilities for packages: apko, witness, pulumi-kubernetes-operator, gomplate, go-discover, flux-kustomize-controller, kubernetes, tkn, flux-notification-controller, tekton-chains, vault-benchmark, osv-scanner, zot, gatus, dagger, kine, hcloud, k9s, openbao, docker, opentelemetry-collector,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: flux-source-controller, cilium-cli, cilium, skaffold, containerd, spire-server, loki, telegraf, kubernetes, cloud-provider-aws, fscrypt, knative-serving, gitea, nerdctl, osv-scanner, kots, kubescape, zot, trivy-operator, kine, prometheus-operator, argo-cd,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: cilium-cli, cilium, containerd, spire-server, loki, telegraf, kubernetes, cloud-provider-aws, fscrypt, podman, knative-serving, nerdctl, zot, kots, kine, prometheus-operator, argo-cd, mattermost, flux, helm, k3s, kaf, cert-manager, opentelemetry-collector, teleport,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: apko, witness, pulumi-kubernetes-operator, gomplate, go-discover, kubernetes, zot, osv-scanner, dagger, kine, k9s, openbao, opentelemetry-collector, teleport, caddy, rancher-agent, docker-cli-buildx, skaffold, nuclei, act, pulumi-language-yaml, cloud-provider-aws,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: apko, witness, pulumi-kubernetes-operator, gomplate, go-discover, flux-kustomize-controller, crossplane-provider-aws-lambda, crossplane-provider-aws-ec2, kubernetes, crossplane-provider-keycloak, tkn, flux-notification-controller, tekton-chains,...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: kubevela, datadog-agent-fips, google-osconfig-agent, crossplane, nuclei, neuvector-sigstore-interface-fips, kueue, cluster-api-azure-controller-fips, prometheus-fips, crossplane-provider-aws-macie2-fips, consul-fips, ratify, gitlab-runner, consul,...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: kubevela, datadog-agent-fips, google-osconfig-agent, crossplane, nuclei, neuvector-sigstore-interface-fips, kueue, cluster-api-azure-controller-fips, prometheus-fips, crossplane-provider-aws-macie2-fips, consul-fips, ratify, gitlab-runner, consul,...
CLEANSTART-2026-WF25734 Security fixes for CVE-2025-47912, CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-24051, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27145, CVE-2026-29181, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, CVE-2026-34986, CVE-2026-35469, CVE-2026-39821, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39883, CVE-2026-41506, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, CVE-2026-42508, CVE-2026-42880, CVE-2026-44740, CVE-2026-44973, CVE-2026-45022, CVE-2026-45570, CVE-2026-45571, CVE-2026-45737, CVE-2026-45738, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-389r-gv7p-r3rp, ghsa-3v3m-wc6v-x4x3, ghsa-3wgm-2mw2-vh5m, ghsa-3xc5-wrhm-f963, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-78h2-9frx-2jm8, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-crhj-59gh-8x96, ghsa-f6x5-jh6r-wrfv, ghsa-gm2x-2g9h-ccm8, ghsa-gxhx-2686-5h9g, ghsa-h98r-wv3h-fr38, ghsa-hfvc-g4fc-pqhx, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-jhf3-xxhw-2wpp, ghsa-m3xc-h892-ggx6, ghsa-m7cr-m3pv-hgrp, ghsa-mh2q-q3fh-2475, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-pc3f-x583-g7j2, ghsa-qw64-3x98-g7q2, ghsa-rg3g-4rw9-gqrp applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.3.3-r0, 3.3.4-r0, 3.3.5-r0, 3.3.5-r1, 3.3.5-r2, 3.3.5-r3
Multiple security vulnerabilities affect the argo-cd package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-HO16255 Security fixes for CVE-2025-47912, CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-24051, CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-27145, CVE-2026-29181, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, CVE-2026-34986, CVE-2026-35469, CVE-2026-39821, CVE-2026-39883, CVE-2026-41506, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, CVE-2026-42880, CVE-2026-44740, CVE-2026-44973, CVE-2026-45022, CVE-2026-45570, CVE-2026-45571, CVE-2026-45737, CVE-2026-45738, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-389r-gv7p-r3rp, ghsa-3v3m-wc6v-x4x3, ghsa-3wgm-2mw2-vh5m, ghsa-3xc5-wrhm-f963, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-78h2-9frx-2jm8, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-crhj-59gh-8x96, ghsa-f6x5-jh6r-wrfv, ghsa-gm2x-2g9h-ccm8, ghsa-gxhx-2686-5h9g, ghsa-h98r-wv3h-fr38, ghsa-hfvc-g4fc-pqhx, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-jhf3-xxhw-2wpp, ghsa-m3xc-h892-ggx6, ghsa-m7cr-m3pv-hgrp, ghsa-mh2q-q3fh-2475, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-pc3f-x583-g7j2, ghsa-qw64-3x98-g7q2, ghsa-rg3g-4rw9-gqrp applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.2.7-r1, 3.2.7-r2, 3.2.7-r3, 3.2.7-r4
Multiple security vulnerabilities affect the argo-cd package. These issues are resolved in later releases. See references for individual vulnerability details...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Argoproj Argo_Cd
CVE-2026-42880 — ArgoCD Secret Exposure via ServerSideDiff A...
CVE-2026-45738 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argo-cd...
GHSA-H98R-WV3H-FR38 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argo-cd...