Argo CD ↗
Summary iPlain-English security verdict for Argo CD, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Argo CD currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 3.4.3. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend iNew CVEs published for Argo CD each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2025-55190 CRITICAL Information disclosure EPSS 5% → fixed in 3.1.2 CVE-2022-29165 CRITICAL Information disclosure EPSS 2% → fixed in 2.3.4 CVE-2024-31989 CRITICAL CWE-327 EPSS 1% → fixed in 2.11.1 CVE-2022-24768 CRITICAL Information disclosure EPSS 1% → fixed in 2.3.2 CVE-2023-40029 CRITICAL Information disclosure EPSS 1% → fixed in 2.8.3 CVE-2023-22482 CRITICAL Incorrect authorization EPSS 1% → fixed in 2.5.8 CVE-2022-31035 CRITICAL Cross-site scripting (XSS) EPSS 1% → fixed in 2.1.16 CVE-2024-21652 CRITICAL CWE-307 EPSS 1% → fixed in 2.10.4 CVE-2023-23947 CRITICAL Incorrect authorization EPSS 1% → fixed in 2.6.2 CVE-2024-28175 CRITICAL Cross-site scripting (XSS) EPSS 1% → fixed in 2.10.3 CVE-2025-47933 CRITICAL Cross-site scripting (XSS) EPSS 0% → fixed in 3.0.4 CVE-2026-42880 CRITICAL Information disclosure EPSS 0% → fixed in 3.3.9Get alerted about Argo CD
Be emailed the moment Argo CD gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.
We email only on real events for Argo CD — no marketing, no sharing, and we never know what you run. Track your whole stack →
Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Argo CD release line is supported — and when it sunsets. Select a line for its full report.
Full Argo CD end-of-life dates & support timeline →
3.4 latest 3.4.3 Supported 3.4.3 → 3.3 latest 3.3.11 Supported 3.3.11 → 3.2 latest 3.2.12 Supported 3.2.12 → 3.1 latest 3.1.16 End of life ended 2026-05-053.1.16 → 3.0 latest 3.0.23 End of life ended 2026-02-023.0.23 → 2.14 latest 2.14.21 End of life ended 2025-11-042.14.21 → 2.13 latest 2.13.9 End of life ended 2025-08-132.13.9 → 2.12 latest 2.12.13 End of life ended 2025-05-062.12.13 → 2.11 latest 2.11.14 End of life ended 2025-02-032.11.14 → 2.10 latest 2.10.20 End of life ended 2024-11-042.10.20 → See all upcoming end-of-life dates →Frequently asked
Is Argo CD safe and patched?
Argo CD currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 3.4.3. It's on the latest patch with no significant known issues — keep it current.
What should I do about Argo CD now?
Upgrade Argo CD to the latest supported release (3.4.3) or later and apply available security updates, then confirm against Argo Project's official advisory.
When does Argo CD reach end-of-life?
The latest supported Argo CD release is 3.4.3. After end-of-life a release no longer receives security patches.
Which versions of Argo CD are still receiving security updates?
Supported Argo CD release lines (latest 3.4.3): 3.4, 3.3, 3.2. End-of-life releases no longer receive security patches.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Argo Project's official advisory before you patch or upgrade — Argo CD official site ↗