Security: argoproj/argo-workflows
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Incomplete fix for CVE-2026-31892 / GHSA-3775-99mw-8rp4: ArtifactGC.PodSpecPatch bypass of Strict/Secure templateReferencingGHSA-48p8-g2fx-3wwm published
Jun 10, 2026 by JoibelHigh -
SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)GHSA-p4gq-3vxj-f4jq published
Apr 23, 2026 by JoibelLow -
Missing Authorization in Sync ConfigMap ProviderGHSA-xchc-cqwg-g76q published
Apr 23, 2026 by JoibelHigh -
Unchecked annotation parsing in pod informer crashes Argo Workflows controllerGHSA-5jv8-h7qh-rf5p published
Apr 23, 2026 by JoibelHigh -
Incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/SecureGHSA-3775-99mw-8rp4 published
Apr 23, 2026 by JoibelHigh -
Exposure of artifact repository credentialsGHSA-7vf8-2cr6-54mf published
Apr 23, 2026 by JoibelHigh -
Unauthorized access to Argo Workflows TemplateGHSA-56px-hm34-xqj5 published
Mar 11, 2026 by JoibelCritical -
WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference ModeGHSA-3wf5-g532-rcrr published
Mar 11, 2026 by JoibelHigh -
Unauthenticated Memory Exhaustion (DoS) in Webhook InterceptorGHSA-jcc8-g2q4-9fxq published
Apr 23, 2026 by JoibelHigh -
Stored XSS in the artifact directory listingGHSA-cv78-6m8q-ph82 published
Jan 21, 2026 by JoibelHigh