{"package":"github.com/argoproj/argo-cd/v2","ecosystem":"go","latest_version":"v2.14.21","description":"Declarative Continuous Deployment for Kubernetes","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/argoproj/argo-cd/v2","repository":"https://github.com/argoproj/argo-cd/v2","downloads_weekly":22774,"health":{"score":45,"risk":"high","breakdown":{"maintenance":15,"popularity":10,"security":0,"maturity":15,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":6,"critical":2,"high":1,"medium":0,"low":3,"details":[{"vuln_id":"BIT-argo-cd-2025-47933","severity":"critical","summary":"Argo CD allows cross-site scripting on repositories page","affected_versions":">=1.2.0-rc1,<=1.8.7|>=2.0.0-rc3,<2.13.8|>=2.14.0-rc1,<2.14.13|<3.0.4","fixed_version":"3.0.4","source":"osv","published_at":"2025-05-28T17:36:32Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-argo-cd-2025-55190","severity":"critical","summary":"Argo CD's Project API Token Exposes Repository Credentials","affected_versions":">=2.13.0,<2.13.9|>=2.14.0,<2.14.16|<3.0.14|>=3.1.0-rc1,<3.1.2","fixed_version":"3.1.2","source":"osv","published_at":"2025-09-04T19:49:56Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2023-40025","severity":"high","summary":"Argo CD web terminal session doesn't expire","affected_versions":">=2.6.0,<2.6.14|>=2.7.0,<2.7.12|>=2.8.0,<2.8.1|>=2.0.0-20230718200744-12a5a7a70d6e,<2.0.0-20230821201509-e047efa8f951|=2.8.0","fixed_version":"2.0.0-20230821201509-e047efa8f951","source":"osv","published_at":"2023-08-23T17:50:41Z","in_kev":false,"epss_prob":0.00175,"epss_percentile":0.38575,"threat_tier":"theoretical"},{"vuln_id":"BIT-argo-cd-2025-47933","severity":"unknown","summary":"Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd","affected_versions":">=1.2.0-rc1|>=2.14.0-rc1,<2.14.13|<3.0.4","fixed_version":"3.0.4","source":"osv","published_at":"2025-05-29T20:59:03Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-argo-cd-2025-59531","severity":"unknown","summary":"Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd","affected_versions":">=1.2.0|<2.14.20|>=3.2.0-rc1,<3.2.0-rc2","fixed_version":"3.2.0-rc2","source":"osv","published_at":"2025-10-23T16:25:09Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-argo-cd-2025-59537","severity":"unknown","summary":"argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd","affected_versions":">=1.2.0|<2.14.20|>=3.2.0-rc1,<3.2.0-rc2","fixed_version":"3.2.0-rc2","source":"osv","published_at":"2025-10-23T16:25:09Z","in_kev":false,"threat_tier":"unknown"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v2.14.21","total_count":339,"recent":["v2.13.6","v2.7.9","v2.13.0-rc2","v2.6.4","v2.5.0","v2.14.0-rc7","v2.6.6","v2.10.10","v2.5.2","v2.4.4","v2.5.22","v2.2.15","v2.2.10","v2.7.12","v2.13.8","v2.4.24","v2.7.5","v2.11.1","v2.13.0-rc3","v2.4.0-rc5"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1982,"first_published":null,"last_published":"2025-11-04T14:56:45Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["1 high severity vulnerabilities","2 critical vulnerabilities"],"use_version":"v2.14.21","version_hint":"Update to >= 3.2.0-rc2 to fix known vulnerabilities","summary":"github.com/argoproj/argo-cd/v2 has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1889,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":21,"first_release_age_days":1851,"last_release_days_ago":178,"avg_days_between_releases":93,"release_velocity":"moderate"}}