Package impact
Go / github.com/argoproj/argo-workflows/v4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42297 | high | 8.3 | 8.3 | 27d ago | Argo has Missing Authorization in its Sync ConfigMap Provider | |||
| CVE-2026-42296 | high | 8.1 | 8.1 | 27d ago | Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure | |||
| CVE-2026-28229 | high | — | 8.0 | 3mo ago | Unauthorized access to Argo Workflows Template | |||
| CVE-2026-40886 | high | 7.7 | 7.7 | 1mo ago | Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller | |||
| CVE-2026-42294 | high | 7.5 | 7.5 | 27d ago | Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor |