Is github.com/argoproj/argo-cd/v2 safe to use?

github.com/argoproj/argo-cd/v2 has 6 known vulnerabilities on the latest version (v2.14.21). DepScope rates its health at 53/100 (high risk).

What is the latest version of github.com/argoproj/argo-cd/v2?

The latest version of github.com/argoproj/argo-cd/v2 is v2.14.21, released 2025-11-04.

Yes. github.com/argoproj/argo-cd/v2 has 6 known vulnerabilities. See depscope.dev/pkg/go/github.com/argoproj/argo-cd/v2 for details.

No, github.com/argoproj/argo-cd/v2 is actively maintained. Latest release: v2.14.21 (2025-11-04).

DepScope has no curated alternatives for github.com/argoproj/argo-cd/v2 at this time.

github.com/argoproj/argo-cd/v2 is licensed under Apache-2.0.

Advisories (6)

Severity	ID	Summary	Fixed in
critical	BIT-argo-cd-2025-47933	Argo CD allows cross-site scripting on repositories page	3.0.4
critical	BIT-argo-cd-2025-55190	Argo CD's Project API Token Exposes Repository Credentials	3.1.2
high	CVE-2023-40025	Argo CD web terminal session doesn't expire	2.0.0-20230821201509-e047efa8f951
unknown	BIT-argo-cd-2025-47933	Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd	3.0.4
unknown	BIT-argo-cd-2025-59531	Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd	3.2.0-rc2
unknown	BIT-argo-cd-2025-59537	argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd	3.2.0-rc2

github.com/argoproj/argo-cd/v2 v2.14.21 security: 6 vulnerabilities, health 53/100 | DepScope