Argoproj Argo-Events vulnerabilities
2 known vulnerabilities affecting argoproj/argo-events.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1
Vulnerabilities
CVE-2025-32445 (P2, CRITICAL, CVSS 9.9, CWE-250), fixed in 1.9.6, 2025-04-15
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor CRs allow the corresponding orchestrated pod to be cu
nvd
CVE-2022-31054 (P3, HIGH, CVSS 7.5, CWE-400), fixed in 1.7.1, 2022-06-13
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of serv
nvd