Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss Critical
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 Credited to nadava669, pasha-codefresh, jannfis, crenshaw-dev, and todaywasawesome pasha-codefresh pasha-codefresh
jannfis jannfis crenshaw-dev crenshaw-dev todaywasawesome todaywasawesome
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment High
CVE-2024-21661 was published for github.com/argoproj/argo-cd (Go) Mar 18, 2024
nadava669 Credited to nadava669, todaywasawesome, crenshaw-dev, jannfis, and pasha-codefresh todaywasawesome todaywasawesome
crenshaw-dev crenshaw-dev jannfis jannfis pasha-codefresh pasha-codefresh
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 Credited to nadava669, pasha-codefresh, crenshaw-dev, todaywasawesome, and jannfis pasha-codefresh pasha-codefresh
crenshaw-dev crenshaw-dev todaywasawesome todaywasawesome jannfis jannfis
Argo CD's API server does not enforce project sourceNamespaces Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 15, 2024
crenshaw-dev Credited to crenshaw-dev and pasha-codefresh pasha-codefresh pasha-codefresh
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences Moderate
CVE-2024-32476 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 26, 2024
crenshaw-dev Credited to crenshaw-dev, pasha-codefresh, and todaywasawesome pasha-codefresh pasha-codefresh
todaywasawesome todaywasawesome
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode Credited to oreenlivnicode, leoluz, crenshaw-dev, mkilchhofer, todaywasawesome, and pasha-codefresh leoluz leoluz
crenshaw-dev crenshaw-dev mkilchhofer mkilchhofer todaywasawesome todaywasawesome pasha-codefresh pasha-codefresh
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev Credited to crenshaw-dev and pasha-codefresh pasha-codefresh pasha-codefresh
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024
jake-ciolek Credited to jake-ciolek, crenshaw-dev, and pasha-codefresh crenshaw-dev crenshaw-dev
pasha-codefresh pasha-codefresh
The Argo CD web terminal session does not handle the revocation of user permissions properly Moderate
CVE-2024-41666 was published for github.com/argoproj/argo-cd/v2 (Go) Jul 24, 2024
ClownandBox Credited to ClownandBox, crenshaw-dev, and pasha-codefresh crenshaw-dev crenshaw-dev
pasha-codefresh pasha-codefresh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database