github.com/argoproj/argo-workflows/v3
Go9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/argoproj/argo-workflows/v3page 1 of 1
- CVE-2021-37914MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.1.62021-08-03
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is eva…
- CVE-2022-29164HIGHCVSS 7.1EG 7.1✓ Fixed in 3.3.52022-05-06
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a …
- CVE-2024-47827MEDIUMCVSS 5.7EG 5.7✓ Fixed in 3.6.0-rc22024-10-28
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by an…
- CVE-2024-53862HIGHCVSS 7.5EG 7.5✓ Fixed in 3.6.22024-12-02
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoin…
- CVE-2025-62156HIGHCVSS 8.1EG 8.1✓ Fixed in 3.6.122025-10-14
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extracti…
- CVE-2025-66626HIGHCVSS 8.1EG 8.1✓ Fixed in 3.7.52025-12-09
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives.…
- CVE-2026-40886HIGHCVSS 7.7EG 7.72026-04-23
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic whe…
- CVE-2026-42294HIGHCVSS 7.5EG 7.5✓ Fixed in 3.7.142026-05-09
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating th…
- CVE-2026-42296HIGHCVSS 8.1EG 8.1✓ Fixed in 3.7.142026-05-09
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host …
Check whether github.com/argoproj/argo-workflows/v3 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/argoproj/argo-workflows/v3 CVEs against the assets you own.
Start Free Scan →