github.com/argoproj/argo-cd/v3

Go7 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/argoproj/argo-cd/v3page 1 of 1

CVE-2025-47933CRITICALCVSS 9.0EG 9.0✓ Fixed in 3.0.4
2025-05-29
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL pro…
CVE-2025-55190CRITICALCVSS 9.9EG 9.9✓ Fixed in 3.0.14
2025-09-04
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to re…
CVE-2025-55191MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.2.0-rc2
2025-09-30
vulnerable: 3.2.0-rc1
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler t…
CVE-2025-59531HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2.0-rc2
2025-10-01
vulnerable: 3.2.0-rc1
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the A…
CVE-2025-59537HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2.0-rc2
2025-10-01
vulnerable: 3.2.0-rc1
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the A…
CVE-2025-59538HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2.0-rc2
2025-10-01
vulnerable: 3.2.0-rc1
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not…
CVE-2026-42880CRITICALCVSS 9.6EG 9.6✓ Fixed in 3.3.9
2026-05-07
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allow…

Check whether github.com/argoproj/argo-cd/v3 is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/argoproj/argo-cd/v3 CVEs against the assets you own.

Start Free Scan →