{"package":"github.com/argoproj/argo-workflows","ecosystem":"go","latest_version":"v0.4.7","description":"Workflow Engine for Kubernetes","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/argoproj/argo-workflows","repository":"https://github.com/argoproj/argo-workflows","downloads_weekly":16642,"health":{"score":46,"risk":"high","breakdown":{"maintenance":0,"popularity":10,"security":8,"maturity":15,"community":13},"deprecated":false,"max_score":100},"vulnerabilities":{"count":6,"critical":0,"high":3,"medium":1,"low":2,"details":[{"vuln_id":"BIT-argo-workflows-2026-31892","severity":"high","summary":"Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode","affected_versions":"<4.0.2|<3.7.11|>=2.9.0","fixed_version":"3.7.11","source":"osv","published_at":"2026-03-11T19:29:33Z"},{"vuln_id":"BIT-argo-workflows-2026-23960","severity":"high","summary":"Argo Workflows affected by stored XSS in the artifact directory listing","affected_versions":"<3.6.17|>=3.7.0,<3.7.8|<=2.5.3-rc4","fixed_version":"3.7.8","source":"osv","published_at":"2026-01-21T22:00:38Z"},{"vuln_id":"GHSA-rc7p-gmvh-xfx2","severity":"medium","summary":"Attack on Kubernetes via Misconfigured Argo Workflows","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2021-08-02T17:19:52Z"},{"vuln_id":"BIT-argo-workflows-2025-66626","severity":"high","summary":" RCE via ZipSlip and symbolic links in argoproj/argo-workflows","affected_versions":">=3.7.0,<3.7.5|<3.6.14|<=2.5.3-rc4","fixed_version":"3.6.14","source":"osv","published_at":"2025-12-09T17:17:22Z"},{"vuln_id":"BIT-argo-workflows-2026-28229","severity":"unknown","summary":"Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows","affected_versions":"<3.7.11|<4.0.2","fixed_version":"4.0.2","source":"osv","published_at":"2026-03-12T20:57:37Z"},{"vuln_id":"BIT-argo-workflows-2026-31892","severity":"unknown","summary":"Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode in github.com/argoproj/argo-workflows","affected_versions":">=2.9.0|<3.7.11|<4.0.2","fixed_version":"4.0.2","source":"osv","published_at":"2026-03-12T20:57:37Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v0.4.7","total_count":120,"recent":["v2.5.0-rc6+incompatible","v2.3.0-rc3+incompatible","v2.1.0-beta2+incompatible","v0.0.0-dev-dataflow-39","v0.0.0-dev-dataflow-10","v2.1.0-alpha1+incompatible","v0.0.0-dev-dataflow-19","v2.5.0-rc3+incompatible","v0.2.0","v0.0.0-dev-dataflow-14","v0.4.2","v0.3.2","v0.0.0-dev-dataflow-31","v0.0.0-dev-dataflow-42","v0.0.0-dev-dataflow-18","v2.2.1+incompatible","v0.0.0-dev-dataflow-27","v0.0.0-dev-dataflow-24","v0.0.0-dev-kc-2","v0.0.0-dev-dataflow-41"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1017,"first_published":null,"last_published":"2018-06-07T18:09:38Z","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":16653,"forks":3510,"open_issues":1413,"is_archived":false,"pushed_at":"2026-04-29T09:45:54Z","subscribers_count":200},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["3 high severity vulnerabilities"],"use_version":"v0.4.7","version_hint":"Update to >= 4.0.2 to fix known vulnerabilities","summary":"github.com/argoproj/argo-workflows@v0.4.7 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":2882,"avg_days_between_releases":null,"release_velocity":"stale"}}