Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,272
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,521
Pub
12
RubyGems
1,007
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook High
CVE-2025-59538 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
jake-ciolek Credited to jake-ciolek, crenshaw-dev, and blakepettersson crenshaw-dev crenshaw-dev
blakepettersson blakepettersson
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson jake-ciolek jake-ciolek
crenshaw-dev crenshaw-dev blakepettersson blakepettersson
Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload High
CVE-2025-59531 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
jake-ciolek Credited to jake-ciolek, crenshaw-dev, and blakepettersson crenshaw-dev crenshaw-dev
blakepettersson blakepettersson
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024
jake-ciolek Credited to jake-ciolek, crenshaw-dev, and pasha-codefresh crenshaw-dev crenshaw-dev
pasha-codefresh pasha-codefresh
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment High
CVE-2024-21661 was published for github.com/argoproj/argo-cd (Go) Mar 18, 2024
nadava669 Credited to nadava669, todaywasawesome, crenshaw-dev, jannfis, and pasha-codefresh todaywasawesome todaywasawesome
crenshaw-dev crenshaw-dev jannfis jannfis pasha-codefresh pasha-codefresh
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd/v2 (Go) Jan 25, 2023
czchen Credited to czchen and crenshaw-dev crenshaw-dev crenshaw-dev
Argo CD certificate verification is skipped for connections to OIDC providers High
CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
jannfis Credited to jannfis, crenshaw-dev, DavidKorczynski, and AdamKorcz crenshaw-dev crenshaw-dev
DavidKorczynski DavidKorczynski AdamKorcz AdamKorcz
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev Credited to crenshaw-dev, jgwest, AdamKorcz, and DavidKorczynski jgwest jgwest
AdamKorcz AdamKorcz DavidKorczynski DavidKorczynski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database