Lucene search
K

439 matches found

osv
osv
added 2026/04/01 9:14 a.m.4 views

CLEANSTART-2026-YB55927 Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.16-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0, 4.0.2-r1

Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.8AI score0.01557EPSS
Exploits3References18
osv
osv
added 2026/04/01 9:13 a.m.12 views

CLEANSTART-2026-RU00721 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0, 4.0.2-r1

Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.8AI score0.01557EPSS
Exploits2References32
osv
osv
added 2026/04/01 9:7 a.m.7 views

CLEANSTART-2026-LS30652 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.11-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0

Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.8AI score0.01557EPSS
Exploits2References32
osv
osv
added 2026/04/01 9:5 a.m.8 views

CLEANSTART-2026-VJ56922 Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.16-r0, 3.7.11-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0

Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits3References18
cgr
cgr
added 2026/03/31 7:55 a.m.5 views

GHSA-JHF3-XXHW-2WPP vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...

6.1AI score
Exploits0
cgr
cgr
added 2026/03/31 7:55 a.m.5 views

CVE-2026-4867 vulnerabilities

Vulnerabilities for packages: pelias-api, json-server, argo-workflows, langfuse-fips, kubeflow-centraldashboard, thingsboard-fips, gitlab-rails-ce, langfuse, wazuh-dashboard-fips, arangodb, sqlpad, wazuh-dashboard, py3-captum, kubeflow-pipelines, kubescape-grype-offline-db, gitlab-rails-ce-fips...

7.5CVSS6.2AI score0.00496EPSS
Exploits0
cgr
cgr
added 2026/03/31 7:55 a.m.7 views

GHSA-GM2X-2G9H-CCM8 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...

6.1AI score
Exploits0
cgr
cgr
added 2026/03/31 7:55 a.m.30 views

CVE-2026-33762 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...

2.8CVSS6.1AI score0.00153EPSS
Exploits0
cgr
cgr
added 2026/03/31 7:55 a.m.8 views

CVE-2026-34165 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...

5CVSS6.1AI score0.00147EPSS
Exploits0
cgr
cgr
added 2026/03/31 7:55 a.m.7 views

GHSA-37CH-88JC-XWX2 vulnerabilities

Vulnerabilities for packages: pelias-api, json-server, argo-workflows, langfuse-fips, kubeflow-centraldashboard, thingsboard-fips, gitlab-rails-ce, langfuse, wazuh-dashboard-fips, arangodb, sqlpad, wazuh-dashboard, py3-captum, kubeflow-pipelines, kubescape-grype-offline-db, gitlab-rails-ce-fips...

6.1AI score
Exploits0
wolfi
wolfi
added 2026/03/31 7:48 a.m.21 views

CVE-2026-33762 vulnerabilities

Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...

2.8CVSS6.1AI score0.00153EPSS
Exploits0
wolfi
wolfi
added 2026/03/31 7:48 a.m.8 views

GHSA-37CH-88JC-XWX2 vulnerabilities

Vulnerabilities for packages: kubeflow-centraldashboard, json-server, argo-workflows, kubeflow-pipelines, sqlpad...

6.1AI score
Exploits0
wolfi
wolfi
added 2026/03/31 7:48 a.m.12 views

CVE-2026-4867 vulnerabilities

Vulnerabilities for packages: kubeflow-centraldashboard, json-server, argo-workflows, kubeflow-pipelines, sqlpad...

7.5CVSS6.2AI score0.00496EPSS
Exploits0
wolfi
wolfi
added 2026/03/31 7:48 a.m.10 views

GHSA-JHF3-XXHW-2WPP vulnerabilities

Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...

6.1AI score
Exploits0
wolfi
wolfi
added 2026/03/31 7:48 a.m.12 views

CVE-2026-34165 vulnerabilities

Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...

5CVSS6.1AI score0.00147EPSS
Exploits0
veracode
veracode
added 2026/03/25 10:14 a.m.4 views

Improper Handling Of Symbolic Links

github.com/argoproj/argo-workflows is vulnerable to Improper Handling Of Symbolic Links. The vulnerability is due to flawed validation in the untar process when resolving symbolic links, which allows an attacker to overwrite critical files such as /var/run/argo/argoexec with a malicious script th...

8.1CVSS7.1AI score0.00589EPSS
Exploits1References7Affected Software1
susecve
susecve
added 2026/03/25 12:26 a.m.4 views

SUSE CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...

9.8CVSS5.9AI score0.00652EPSS
Exploits1References3
susecve
susecve
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

9.9CVSS5.9AI score0.00413EPSS
Exploits1References3
osv
osv
added 2026/03/13 9:1 a.m.2 views

BIT-ARGO-WORKFLOWS-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

9.9CVSS5.8AI score0.00413EPSS
Exploits1References6
osv
osv
added 2026/03/13 9:1 a.m.4 views

BIT-ARGO-WORKFLOWS-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References6
Rows per page
Query Builder