CRITICAL 9.9 CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials
from 0, < 3.0.14, >= 3.1.0-rc1, < 3.1.2
CRITICAL 9.9 CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials
from 0, < 3.0.14
CRITICAL 9.6 CVE-2026-42880 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
>= 3.2.0, < 3.2.11
CRITICAL 9.0 Argo CD allows cross-site scripting on repositories page
from 0, < 3.0.4
HIGH 7.5 Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
>= 3.2.0-rc1, < 3.2.0-rc2
HIGH 7.5 Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
>= 3.0.0-rc1, < 3.0.19, >= 3.1.0-rc1, < 3.1.8, >= 3.2.0-rc1, < 3.2.0-rc2
HIGH 7.5 argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload
>= 3.0.0-rc1, < 3.0.19, >= 3.1.0-rc1, < 3.1.8, >= 3.2.0-rc1, < 3.2.0-rc2
HIGH 7.5 argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload
>= 3.2.0-rc1, < 3.2.0-rc2
HIGH 7.5 Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload
>= 3.0.0-rc1, < 3.0.19, >= 3.1.0-rc1, < 3.1.8, >= 3.2.0-rc1, < 3.2.0-rc2
HIGH 7.5 Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload
>= 3.2.0-rc1, < 3.2.0-rc2
HIGH 7.3 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
from 0, < 3.2.12
MEDIUM 6.5 Repository Credentials Race Condition Crashes Argo CD Server
>= 3.2.0-rc1, < 3.2.0-rc2
MEDIUM 6.5 Repository Credentials Race Condition Crashes Argo CD Server
>= 3.0.0-rc1, < 3.0.19, >= 3.1.0-rc1, < 3.1.8, >= 3.2.0-rc1, < 3.2.0-rc2
MEDIUM 6.3 Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
>= 3.2.0, < 3.2.12