-
Notifications
You must be signed in to change notification settings - Fork 5k
Security: argoproj/argo-cd
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Denial of Service via malicious jqPathExpressions in ignoreDifferencesGHSA-9m6p-x4h2-6frq published
Apr 26, 2024 by pasha-codefreshModerate -
Uncontrolled Resource Consumption vulnerability in ArgoCD's repo serverGHSA-jhwx-mhww-rgc3 published
Mar 28, 2024 by pasha-codefreshModerate -
Use of Risky or Missing Cryptographic Algorithms in Redis CacheGHSA-9766-5277-j5hr published
May 21, 2024 by pasha-codefreshCritical -
Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cdGHSA-92mw-q256-5vwg published
Jan 18, 2024 by crenshaw-devHigh -
Unauthenticated Access to sensitive settings in Argo CDGHSA-87p9-x75h-p4j2 published
Jun 6, 2024 by pasha-codefreshModerate -
Users with `create` but not `override` privileges can perform local syncGHSA-g623-jcgg-mhmm published
Mar 13, 2024 by crenshaw-devModerate -
Bypassing Rate Limit and Brute Force Protection Using Cache OverflowGHSA-2vgg-9h6w-m454 published
Mar 18, 2024 by crenshaw-devModerate -
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded EnvironmentGHSA-6v85-wr92-q4p7 published
Mar 18, 2024 by crenshaw-devHigh -
Bypassing Brute Force Protection via Application Crash and In-Memory Data LossGHSA-x32m-mvfj-52xv published
Mar 18, 2024 by crenshaw-devModerate -
API server does not enforce project sourceNamespacesGHSA-2gvw-w6fj-7m3c published
Apr 15, 2024 by pasha-codefreshModerate