Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,272
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,521
Pub
12
RubyGems
1,007
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
The Argo CD web terminal session does not handle the revocation of user permissions properly Moderate
CVE-2024-41666 was published for github.com/argoproj/argo-cd/v2 (Go) Jul 24, 2024
ClownandBox Credited to ClownandBox, crenshaw-dev, and pasha-codefresh crenshaw-dev crenshaw-dev
pasha-codefresh pasha-codefresh
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev Credited to crenshaw-dev and pasha-codefresh pasha-codefresh pasha-codefresh
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences Moderate
CVE-2024-32476 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 26, 2024
crenshaw-dev Credited to crenshaw-dev, pasha-codefresh, and todaywasawesome pasha-codefresh pasha-codefresh
todaywasawesome todaywasawesome
Argo CD's API server does not enforce project sourceNamespaces Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 15, 2024
crenshaw-dev Credited to crenshaw-dev and pasha-codefresh pasha-codefresh pasha-codefresh
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 Credited to nadava669, pasha-codefresh, crenshaw-dev, todaywasawesome, and jannfis pasha-codefresh pasha-codefresh
crenshaw-dev crenshaw-dev todaywasawesome todaywasawesome jannfis jannfis
Users with `create` but not `override` privileges can perform local sync Moderate
CVE-2023-50726 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
crenshaw-dev Credited to crenshaw-dev
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server Moderate
CVE-2023-40026 was published for github.com/argoproj/argo-cd (Go) Sep 27, 2023
crenshaw-dev Credited to crenshaw-dev and todaywasawesome todaywasawesome todaywasawesome
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022
crenshaw-dev Credited to crenshaw-dev and tdunlap607 tdunlap607 tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database