pkg:Go/github.com/argoproj/argo-workflows/v3

共 22 筆 CVEHIGH9MEDIUM4

✅ 檢查你的版本

所有已知漏洞

  • HIGH8.1CVE-2026-42296Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
    from 0, < 3.7.14
  • HIGH8.1CVE-2025-66626RCE via ZipSlip and symbolic links in argoproj/argo-workflows in github.com/argoproj/argo-workflows
    >= 3.7.0, < 3.7.5
  • HIGH8.1CVE-2025-66626RCE via ZipSlip and symbolic links in argoproj/argo-workflows in github.com/argoproj/argo-workflows
    from 0, < 3.6.14, >= 3.7.0, < 3.7.5
  • HIGH8.1CVE-2025-62156Argo Workflow has a Zipslip Vulnerability
    from 0, < 3.6.12
  • HIGH8.1CVE-2025-62156Argo Workflow has a Zipslip Vulnerability
    from 0, < 3.6.12, >= 3.7.0, < 3.7.3
  • HIGH7.7CVE-2026-40886Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
    >= 3.7.0, < 3.7.14
  • HIGH7.5CVE-2026-28229Unauthorized access to Argo Workflows Template
    >= 3.7.0, < 3.7.11
  • HIGH7.5CVE-2026-28229Unauthorized access to Argo Workflows Template
    from 0, < 3.7.11
  • HIGH7.1CVE-2022-29164Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
    >= 2.6.0, < 3.2.11
  • MEDIUM6.5CVE-2021-37914Workflow re-write vulnerability using input parameter in github.com/argoproj/argo-workflows
    >= 3.1.0, < 3.1.6
  • MEDIUM6.5CVE-2021-37914Workflow re-write vulnerability using input parameter in github.com/argoproj/argo-workflows
    >= 3.1.0, < 3.1.6
  • MEDIUM5.7CVE-2024-47827Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows
    >= 3.6.0-rc1, < 3.6.0-rc2
  • MEDIUM5.7CVE-2024-47827Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows
    >= 3.6.0-rc1, < 3.6.0-rc2
  • CVE-2026-42294Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
    from 0, < 3.7.14
  • CVE-2026-31892WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
    from 0, < 3.7.11
  • CVE-2026-31892WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
    from 0, < 3.7.11
  • CVE-2026-23960Argo Workflows affected by stored XSS in the artifact directory listing in github.com/argoproj/argo-workflows
    from 0, < 3.6.17, >= 3.7.0, < 3.7.8
  • CVE-2026-23960Argo Workflows affected by stored XSS in the artifact directory listing in github.com/argoproj/argo-workflows
    from 0, < 3.6.17
  • CVE-2025-62157Argo Workflow may expose artifact repository credentials in github.com/argoproj/argo-workflows
    from 0, < 3.6.12, >= 3.7.0, < 3.7.3
  • CVE-2025-62157Argo Workflow may expose artifact repository credentials in github.com/argoproj/argo-workflows
    >= 3.7.0, < 3.7.3
  • CVE-2024-53862Access to Archived Argo Workflows with Fake Token in `client` mode
    >= 3.5.7, < 3.5.13, >= 3.6.0-rc1, < 3.6.2
  • CVE-2024-53862Access to Archived Argo Workflows with Fake Token in `client` mode
    >= 3.5.7, < 3.5.13