github.com/argoproj/argo-events

Go3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/argoproj/argo-eventspage 1 of 1

CVE-2022-25856HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.1
2022-06-17
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided…
CVE-2022-31054HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.1
2022-06-13
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such,…
CVE-2025-32445CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.9.6
2025-04-15
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having dir…

Check whether github.com/argoproj/argo-events is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/argoproj/argo-events CVEs against the assets you own.

Start Free Scan →