HIGH8.1CVE-2025-66626argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links from 0, <= 2.5.3-rc4
HIGH8.1CVE-2025-66626argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links from 0
HIGH8.1CVE-2025-62156argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite from 0
HIGH7.5Argo Workflows has unauthorized access to Argo Workflows Template
from 0
MEDIUM6.5Workflow re-write vulnerability using input parameter in github.com/argoproj/argo-workflows
from 0
MEDIUM5.7Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows
from 0
—WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
from 0
—WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
>= 2.9.0
—Argo Workflows affected by stored XSS in the artifact directory listing
from 0, <= 2.5.3-rc4
—Argo Workflows affected by stored XSS in the artifact directory listing
from 0
—Argo Workflows exposes artifact repository credentials in workflow-controller logs
from 0
—Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode
from 0