Security: argoproj/argo-workflows
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Unauthorized access to Argo Workflows TemplateGHSA-56px-hm34-xqj5 published
Mar 11, 2026 by JoibelHigh -
WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference ModeGHSA-3wf5-g532-rcrr published
Mar 11, 2026 by JoibelHigh -
Stored XSS in the artifact directory listingGHSA-cv78-6m8q-ph82 published
Jan 21, 2026 by JoibelHigh -
RCE via ZipSlip and symbolic links in argoproj/argo-workflowsGHSA-xrqc-7xgx-c9vh published
Dec 9, 2025 by JoibelHigh -
ZipSlip in argoproj/argo-workflowsGHSA-p84v-gxvw-73pf published
Oct 14, 2025 by JoibelHigh -
Exposure of artifact repository credentialsGHSA-c2hv-4pfj-mm2r published
Oct 14, 2025 by JoibelHigh -
Controller: Denial of Service via malicious daemon WorkflowsGHSA-ghjw-32xw-ffwr published
Oct 28, 2024 by terrytangyuanModerate -
Server: Access to Archived Workflows with incorrect Token in `client` or `sso` modeGHSA-h36c-m3rf-34h9 published
Dec 2, 2024 by JoibelModerate -
Malicious HTML+XHR Artifact Privilege EscalationGHSA-cmv8-6362-r5w9 published
May 4, 2022 by alexecHigh -
Argo Server TLS requests could be forged by attacker with network accessGHSA-6c73-2v8x-qpvm published
Aug 18, 2021 by alexecModerate