Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,762
Maven
5,000+
npm
4,371
NuGet
767
pip
4,141
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
The Argo CD web terminal session does not handle the revocation of user permissions properly Moderate
CVE-2024-41666 was published for github.com/argoproj/argo-cd/v2 (Go) Jul 24, 2024
ClownandBox crenshaw-dev
pasha-codefresh
Credited to ClownandBox, crenshaw-dev, and pasha-codefresh
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024
jake-ciolek crenshaw-dev
pasha-codefresh
Credited to jake-ciolek, crenshaw-dev, and pasha-codefresh
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
Credited to crenshaw-dev and pasha-codefresh
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
Credited to oreenlivnicode, leoluz, crenshaw-dev, mkilchhofer, todaywasawesome, and pasha-codefresh
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences Moderate
CVE-2024-32476 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 26, 2024
crenshaw-dev pasha-codefresh
todaywasawesome
Credited to crenshaw-dev, pasha-codefresh, and todaywasawesome
Argo CD's API server does not enforce project sourceNamespaces Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 15, 2024
crenshaw-dev pasha-codefresh
Credited to crenshaw-dev and pasha-codefresh
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
crenshaw-dev todaywasawesome jannfis
Credited to nadava669, pasha-codefresh, crenshaw-dev, todaywasawesome, and jannfis
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment High
CVE-2024-21661 was published for github.com/argoproj/argo-cd (Go) Mar 18, 2024
nadava669 todaywasawesome
crenshaw-dev jannfis pasha-codefresh
Credited to nadava669, todaywasawesome, crenshaw-dev, jannfis, and pasha-codefresh
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss Critical
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
jannfis crenshaw-dev todaywasawesome
Credited to nadava669, pasha-codefresh, jannfis, crenshaw-dev, and todaywasawesome
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database