pkg:Go/github.com/argoproj/argo-workflows/v4
10 total CVEsHIGH4
✅ Check your installed version
All known vulnerabilities
HIGH8.1CVE-2026-42296Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure >= 4.0.0, < 4.0.5
HIGH7.7CVE-2026-40886Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller >= 4.0.0, < 4.0.5
HIGH7.5CVE-2026-28229Argo Workflows has unauthorized access to Argo Workflows Template from 0, < 4.0.2
HIGH7.5Argo Workflows has unauthorized access to Argo Workflows Template
from 0, < 4.0.2
—Argo Workflows: Exposure of artifact repository credentials
>= 4.0.0, < 4.0.5
—Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
>= 4.0.0, < 4.0.5
—Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
>= 4.0.0, < 4.0.5
—Argo Workflows Is Missing Authorization in Sync ConfigMap Provider
>= 4.0.0, < 4.0.5
—WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
from 0, < 4.0.2
—WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
from 0, < 4.0.2