439 matches found
CLEANSTART-2026-YB55927 Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.16-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0, 4.0.2-r1
Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RU00721 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0, 4.0.2-r1
Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-LS30652 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.11-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0
Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-VJ56922 Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.16-r0, 3.7.11-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0
Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-JHF3-XXHW-2WPP vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...
CVE-2026-4867 vulnerabilities
Vulnerabilities for packages: pelias-api, json-server, argo-workflows, langfuse-fips, kubeflow-centraldashboard, thingsboard-fips, gitlab-rails-ce, langfuse, wazuh-dashboard-fips, arangodb, sqlpad, wazuh-dashboard, py3-captum, kubeflow-pipelines, kubescape-grype-offline-db, gitlab-rails-ce-fips...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...
GHSA-37CH-88JC-XWX2 vulnerabilities
Vulnerabilities for packages: pelias-api, json-server, argo-workflows, langfuse-fips, kubeflow-centraldashboard, thingsboard-fips, gitlab-rails-ce, langfuse, wazuh-dashboard-fips, arangodb, sqlpad, wazuh-dashboard, py3-captum, kubeflow-pipelines, kubescape-grype-offline-db, gitlab-rails-ce-fips...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...
GHSA-37CH-88JC-XWX2 vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, json-server, argo-workflows, kubeflow-pipelines, sqlpad...
CVE-2026-4867 vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, json-server, argo-workflows, kubeflow-pipelines, sqlpad...
GHSA-JHF3-XXHW-2WPP vulnerabilities
Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...
Improper Handling Of Symbolic Links
github.com/argoproj/argo-workflows is vulnerable to Improper Handling Of Symbolic Links. The vulnerability is due to flawed validation in the untar process when resolving symbolic links, which allows an attacker to overwrite critical files such as /var/run/argo/argoexec with a malicious script th...
SUSE CVE-2026-28229
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...
SUSE CVE-2026-31892
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
BIT-ARGO-WORKFLOWS-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
BIT-ARGO-WORKFLOWS-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...