Package impact
GO / github.com/argoproj/argo-workflows/v4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42297 | high | 8.3 | 8.3 | 27d ago | Argo has Missing Authorization in its Sync ConfigMap Provider | |||
| CVE-2026-42296 | high | 8.1 | 8.1 | 27d ago | Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure | |||
| CVE-2026-28229 | high | — | 8.0 | 3mo ago | Unauthorized access to Argo Workflows Template | |||
| CVE-2026-42294 | high | 7.5 | 7.5 | 27d ago | Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor | |||
| CVE-2026-42183 | medium | 6.5 | 6.5 | 27d ago | Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) | |||
| CVE-2026-42295 | medium | 4.9 | 4.9 | 27d ago | Argo vulnerable to exposure of artifact repository credentials |