Skip to main content

Argo CD Security-Hardened Images

Security Scan 2026-07-13

Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.

Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.


Akuity v2.14.21-distroless vs Argo CD v2.14.21

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.14.21-distroless

Vulnerabilities (35)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
busyboxCVE-2023-39810HIGH1.37.0-r501.37.0-r58
busyboxCVE-2026-26157HIGH1.37.0-r501.37.0-r58
busyboxCVE-2026-26158HIGH1.37.0-r501.37.0-r58
git-lfsCVE-2025-68121CRITICAL3.7.1-r03.7.1-r4
git-lfsCVE-2025-61726HIGH3.7.1-r03.7.1-r3
git-lfsCVE-2025-61731HIGH3.7.1-r03.7.1-r3
git-lfsCVE-2025-61732HIGH3.7.1-r03.7.1-r4
git-lfsCVE-2026-27140HIGH3.7.1-r03.7.1-r14
git-lfsCVE-2026-32280HIGH3.7.1-r03.7.1-r14
git-lfsCVE-2026-32281HIGH3.7.1-r03.7.1-r14
git-lfsCVE-2026-32283HIGH3.7.1-r03.7.1-r14
git-lfsCVE-2026-33814HIGH3.7.1-r03.7.1-r12
libcrypto3CVE-2026-31789CRITICAL3.6.0-r33.6.2-r0
libcrypto3CVE-2025-15467HIGH3.6.0-r33.6.1-r0
libcrypto3CVE-2025-69421HIGH3.6.0-r33.6.1-r0
libcrypto3CVE-2026-28386HIGH3.6.0-r33.6.2-r0
libcrypto3CVE-2026-28387HIGH3.6.0-r33.6.2-r0
libcrypto3CVE-2026-28388HIGH3.6.0-r33.6.2-r0
libcrypto3CVE-2026-28389HIGH3.6.0-r33.6.2-r0
libcrypto3CVE-2026-28390HIGH3.6.0-r33.6.2-r0
libcrypto3CVE-2026-45447HIGH3.6.0-r33.6.3-r0
libexpat1CVE-2026-25210HIGH2.7.3-r02.7.4-r0
libexpat1CVE-2026-45186HIGH2.7.3-r02.8.1-r0
libexpat1CVE-2026-56131HIGH2.7.3-r02.8.2-r0
libexpat1CVE-2026-56407HIGH2.7.3-r02.8.2-r0
libexpat1CVE-2026-56408HIGH2.7.3-r02.8.2-r0
libssl3CVE-2026-31789CRITICAL3.6.0-r33.6.2-r0
libssl3CVE-2025-15467HIGH3.6.0-r33.6.1-r0
libssl3CVE-2025-69421HIGH3.6.0-r33.6.1-r0
libssl3CVE-2026-28386HIGH3.6.0-r33.6.2-r0
libssl3CVE-2026-28387HIGH3.6.0-r33.6.2-r0
libssl3CVE-2026-28388HIGH3.6.0-r33.6.2-r0
libssl3CVE-2026-28389HIGH3.6.0-r33.6.2-r0
libssl3CVE-2026-28390HIGH3.6.0-r33.6.2-r0
libssl3CVE-2026-45447HIGH3.6.0-r33.6.3-r0

usr/local/bin/argocd

Vulnerabilities (41)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/argoproj/argo-cd/v2CVE-2026-45738HIGH2.14.21
github.com/expr-lang/exprCVE-2025-68156HIGHv1.17.01.17.7
github.com/go-git/go-billy/v5CVE-2026-44973HIGHv5.6.25.9.0
github.com/go-git/go-git/v5CVE-2026-45022HIGHv5.13.25.19.0
github.com/go-jose/go-jose/v4CVE-2026-34986HIGHv4.0.24.1.4
github.com/moby/spdystreamCVE-2026-35469HIGHv0.4.00.5.1
go.opentelemetry.io/otel/sdkCVE-2026-24051HIGHv1.33.01.40.0
go.opentelemetry.io/otel/sdkCVE-2026-39883HIGHv1.33.01.43.0
golang.org/x/cryptoCVE-2025-47913HIGHv0.37.00.43.0
golang.org/x/cryptoCVE-2026-39828HIGHv0.37.00.52.0
golang.org/x/cryptoCVE-2026-39829HIGHv0.37.00.52.0
golang.org/x/cryptoCVE-2026-39830HIGHv0.37.00.52.0
golang.org/x/cryptoCVE-2026-39831HIGHv0.37.00.52.0
golang.org/x/cryptoCVE-2026-39832HIGHv0.37.00.52.0
golang.org/x/cryptoCVE-2026-39835HIGHv0.37.00.52.0
golang.org/x/cryptoCVE-2026-42508HIGHv0.37.00.52.0
golang.org/x/cryptoCVE-2026-46595HIGHv0.37.00.52.0
golang.org/x/cryptoCVE-2026-46597HIGHv0.37.00.52.0
golang.org/x/netCVE-2026-25681HIGHv0.39.00.55.0
golang.org/x/netCVE-2026-27136HIGHv0.39.00.55.0
golang.org/x/netCVE-2026-33814HIGHv0.39.00.53.0
golang.org/x/netCVE-2026-39821HIGHv0.39.00.55.0
golang.org/x/oauth2CVE-2025-22868HIGHv0.24.00.27.0
google.golang.org/grpcCVE-2026-33186CRITICALv1.68.11.79.3
oras.land/oras-go/v2CVE-2026-50151HIGHv2.5.02.6.1
oras.land/oras-go/v2CVE-2026-50163HIGHv2.5.0
stdlibCVE-2025-68121CRITICALv1.24.61.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2025-61726HIGHv1.24.61.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.24.61.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.24.61.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.24.61.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.24.61.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.24.61.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.24.61.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.24.61.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.24.61.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.24.61.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.24.61.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.24.61.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.24.61.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.24.61.25.11, 1.26.4

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (16)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2025-68121CRITICALv1.21.131.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.21.131.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.21.131.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.21.131.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.21.131.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.21.131.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.21.131.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.21.131.25.11, 1.26.4

usr/local/bin/helm

Vulnerabilities (41)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/containerd/containerdCVE-2024-25621HIGHv1.7.231.7.29
github.com/containerd/containerdCVE-2026-53488HIGHv1.7.231.7.33
github.com/docker/cliCVE-2025-15558HIGHv25.0.1+incompatible29.2.0
github.com/docker/dockerCVE-2026-34040HIGHv25.0.6+incompatible29.3.1
github.com/docker/dockerCVE-2026-41567HIGHv25.0.6+incompatible
github.com/docker/dockerCVE-2026-42306HIGHv25.0.6+incompatible
github.com/moby/spdystreamCVE-2026-35469HIGHv0.4.00.5.1
golang.org/x/cryptoCVE-2024-45337HIGHv0.27.00.31.0
golang.org/x/cryptoCVE-2025-22869HIGHv0.27.00.35.0
golang.org/x/cryptoCVE-2025-47913HIGHv0.27.00.43.0
golang.org/x/cryptoCVE-2026-39828HIGHv0.27.00.52.0
golang.org/x/cryptoCVE-2026-39829HIGHv0.27.00.52.0
golang.org/x/cryptoCVE-2026-39830HIGHv0.27.00.52.0
golang.org/x/cryptoCVE-2026-39831HIGHv0.27.00.52.0
golang.org/x/cryptoCVE-2026-39832HIGHv0.27.00.52.0
golang.org/x/cryptoCVE-2026-39835HIGHv0.27.00.52.0
golang.org/x/cryptoCVE-2026-42508HIGHv0.27.00.52.0
golang.org/x/cryptoCVE-2026-46595HIGHv0.27.00.52.0
golang.org/x/cryptoCVE-2026-46597HIGHv0.27.00.52.0
golang.org/x/netCVE-2024-45338HIGHv0.26.00.33.0
golang.org/x/netCVE-2026-25681HIGHv0.26.00.55.0
golang.org/x/netCVE-2026-27136HIGHv0.26.00.55.0
golang.org/x/netCVE-2026-33814HIGHv0.26.00.53.0
golang.org/x/netCVE-2026-39821HIGHv0.26.00.55.0
golang.org/x/oauth2CVE-2025-22868HIGHv0.21.00.27.0
google.golang.org/grpcCVE-2026-33186CRITICALv1.65.01.79.3
stdlibCVE-2025-68121CRITICALv1.22.71.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2025-61726HIGHv1.22.71.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.22.71.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.22.71.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.22.71.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.22.71.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.22.71.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.22.71.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.22.71.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.22.71.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.22.71.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.22.71.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.22.71.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.22.71.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.22.71.25.11, 1.26.4

usr/local/bin/kustomize

Vulnerabilities (16)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2025-68121CRITICALv1.21.121.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.21.121.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.21.121.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.21.121.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.21.121.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.21.121.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.21.121.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.21.121.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.21.121.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.21.121.25.11, 1.26.4

Akuity v2.13.9-distroless vs Argo CD v2.13.9

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.13.9-distroless

Vulnerabilities (12)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
busyboxCVE-2023-39810HIGH1.37.0-r501.37.0-r58
busyboxCVE-2026-26157HIGH1.37.0-r501.37.0-r58
busyboxCVE-2026-26158HIGH1.37.0-r501.37.0-r58
git-lfsCVE-2025-68121CRITICAL3.7.0-r13.7.1-r4
git-lfsCVE-2025-61726HIGH3.7.0-r13.7.1-r3
git-lfsCVE-2025-61731HIGH3.7.0-r13.7.1-r3
git-lfsCVE-2025-61732HIGH3.7.0-r13.7.1-r4
git-lfsCVE-2026-27140HIGH3.7.0-r13.7.1-r14
git-lfsCVE-2026-32280HIGH3.7.0-r13.7.1-r14
git-lfsCVE-2026-32281HIGH3.7.0-r13.7.1-r14
git-lfsCVE-2026-32283HIGH3.7.0-r13.7.1-r14
git-lfsCVE-2026-33814HIGH3.7.0-r13.7.1-r12

usr/local/bin/argocd

Vulnerabilities (46)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/argoproj/argo-cd/v2CVE-2025-59531HIGH2.13.92.14.20
github.com/argoproj/argo-cd/v2CVE-2025-59537HIGH2.13.92.14.20
github.com/argoproj/argo-cd/v2CVE-2025-59538HIGH2.13.92.14.20
github.com/argoproj/argo-cd/v2CVE-2026-45738HIGH2.13.9
github.com/expr-lang/exprCVE-2025-68156HIGHv1.17.21.17.7
github.com/go-git/go-billy/v5CVE-2026-44973HIGHv5.6.15.9.0
github.com/go-git/go-git/v5CVE-2026-45022HIGHv5.13.15.19.0
github.com/go-jose/go-jose/v4CVE-2026-34986HIGHv4.0.54.1.4
github.com/golang-jwt/jwtCVE-2025-30204HIGHv3.2.2+incompatible
github.com/moby/spdystreamCVE-2026-35469HIGHv0.4.00.5.1
go.opentelemetry.io/otel/sdkCVE-2026-24051HIGHv1.30.01.40.0
go.opentelemetry.io/otel/sdkCVE-2026-39883HIGHv1.30.01.43.0
golang.org/x/cryptoCVE-2025-22869HIGHv0.32.00.35.0
golang.org/x/cryptoCVE-2025-47913HIGHv0.32.00.43.0
golang.org/x/cryptoCVE-2026-39828HIGHv0.32.00.52.0
golang.org/x/cryptoCVE-2026-39829HIGHv0.32.00.52.0
golang.org/x/cryptoCVE-2026-39830HIGHv0.32.00.52.0
golang.org/x/cryptoCVE-2026-39831HIGHv0.32.00.52.0
golang.org/x/cryptoCVE-2026-39832HIGHv0.32.00.52.0
golang.org/x/cryptoCVE-2026-39835HIGHv0.32.00.52.0
golang.org/x/cryptoCVE-2026-42508HIGHv0.32.00.52.0
golang.org/x/cryptoCVE-2026-46595HIGHv0.32.00.52.0
golang.org/x/cryptoCVE-2026-46597HIGHv0.32.00.52.0
golang.org/x/netCVE-2026-25681HIGHv0.33.00.55.0
golang.org/x/netCVE-2026-27136HIGHv0.33.00.55.0
golang.org/x/netCVE-2026-33814HIGHv0.33.00.53.0
golang.org/x/netCVE-2026-39821HIGHv0.33.00.55.0
golang.org/x/oauth2CVE-2025-22868HIGHv0.23.00.27.0
google.golang.org/grpcCVE-2026-33186CRITICALv1.66.21.79.3
oras.land/oras-go/v2CVE-2026-50151HIGHv2.5.02.6.1
oras.land/oras-go/v2CVE-2026-50163HIGHv2.5.0
stdlibCVE-2025-68121CRITICALv1.23.11.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2025-61726HIGHv1.23.11.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.23.11.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.23.11.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.23.11.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.23.11.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.23.11.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.23.11.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.23.11.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.23.11.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.23.11.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.23.11.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.23.11.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.23.11.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.23.11.25.11, 1.26.4

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (16)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2025-68121CRITICALv1.21.131.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.21.131.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.21.131.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.21.131.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.21.131.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.21.131.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.21.131.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.21.131.25.11, 1.26.4

usr/local/bin/helm

Vulnerabilities (42)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/containerd/containerdCVE-2024-25621HIGHv1.7.121.7.29
github.com/containerd/containerdCVE-2026-53488HIGHv1.7.121.7.33
github.com/docker/cliCVE-2025-15558HIGHv25.0.1+incompatible29.2.0
github.com/docker/dockerCVE-2026-34040HIGHv25.0.6+incompatible29.3.1
github.com/docker/dockerCVE-2026-41567HIGHv25.0.6+incompatible
github.com/docker/dockerCVE-2026-42306HIGHv25.0.6+incompatible
github.com/moby/spdystreamCVE-2026-35469HIGHv0.2.00.5.1
golang.org/x/cryptoCVE-2024-45337HIGHv0.25.00.31.0
golang.org/x/cryptoCVE-2025-22869HIGHv0.25.00.35.0
golang.org/x/cryptoCVE-2025-47913HIGHv0.25.00.43.0
golang.org/x/cryptoCVE-2026-39828HIGHv0.25.00.52.0
golang.org/x/cryptoCVE-2026-39829HIGHv0.25.00.52.0
golang.org/x/cryptoCVE-2026-39830HIGHv0.25.00.52.0
golang.org/x/cryptoCVE-2026-39831HIGHv0.25.00.52.0
golang.org/x/cryptoCVE-2026-39832HIGHv0.25.00.52.0
golang.org/x/cryptoCVE-2026-39835HIGHv0.25.00.52.0
golang.org/x/cryptoCVE-2026-42508HIGHv0.25.00.52.0
golang.org/x/cryptoCVE-2026-46595HIGHv0.25.00.52.0
golang.org/x/cryptoCVE-2026-46597HIGHv0.25.00.52.0
golang.org/x/netCVE-2024-45338HIGHv0.23.00.33.0
golang.org/x/netCVE-2026-25681HIGHv0.23.00.55.0
golang.org/x/netCVE-2026-27136HIGHv0.23.00.55.0
golang.org/x/netCVE-2026-33814HIGHv0.23.00.53.0
golang.org/x/netCVE-2026-39821HIGHv0.23.00.55.0
golang.org/x/oauth2CVE-2025-22868HIGHv0.10.00.27.0
google.golang.org/grpcCVE-2026-33186CRITICALv1.58.31.79.3
stdlibCVE-2025-68121CRITICALv1.22.61.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.22.61.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.22.61.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.22.61.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.22.61.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.22.61.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.22.61.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.22.61.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.22.61.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.22.61.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.22.61.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.22.61.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.22.61.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.22.61.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.22.61.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.22.61.25.11, 1.26.4

usr/local/bin/kustomize

Vulnerabilities (16)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2025-68121CRITICALv1.21.121.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.21.121.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.21.121.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.21.121.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.21.121.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.21.121.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.21.121.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.21.121.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.21.121.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.21.121.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.21.121.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.21.121.25.11, 1.26.4

Akuity v2.12.13-distroless vs Argo CD v2.12.13

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.12.13-distroless

Vulnerabilities (36)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
busyboxCVE-2023-39810HIGH1.37.0-r501.37.0-r58
busyboxCVE-2026-26157HIGH1.37.0-r501.37.0-r58
busyboxCVE-2026-26158HIGH1.37.0-r501.37.0-r58
git-lfsCVE-2025-68121CRITICAL3.7.0-r13.7.1-r4
git-lfsCVE-2025-61726HIGH3.7.0-r13.7.1-r3
git-lfsCVE-2025-61731HIGH3.7.0-r13.7.1-r3
git-lfsCVE-2025-61732HIGH3.7.0-r13.7.1-r4
git-lfsCVE-2026-27140HIGH3.7.0-r13.7.1-r14
git-lfsCVE-2026-32280HIGH3.7.0-r13.7.1-r14
git-lfsCVE-2026-32281HIGH3.7.0-r13.7.1-r14
git-lfsCVE-2026-32283HIGH3.7.0-r13.7.1-r14
git-lfsCVE-2026-33814HIGH3.7.0-r13.7.1-r12
libcrypto3CVE-2026-31789CRITICAL3.5.2-r13.6.2-r0
libcrypto3CVE-2025-15467HIGH3.5.2-r13.6.1-r0
libcrypto3CVE-2025-69421HIGH3.5.2-r13.6.1-r0
libcrypto3CVE-2026-28386HIGH3.5.2-r13.6.2-r0
libcrypto3CVE-2026-28387HIGH3.5.2-r13.6.2-r0
libcrypto3CVE-2026-28388HIGH3.5.2-r13.6.2-r0
libcrypto3CVE-2026-28389HIGH3.5.2-r13.6.2-r0
libcrypto3CVE-2026-28390HIGH3.5.2-r13.6.2-r0
libcrypto3CVE-2026-45447HIGH3.5.2-r13.6.3-r0
libexpat1CVE-2025-59375HIGH2.7.1-r32.7.2-r0
libexpat1CVE-2026-25210HIGH2.7.1-r32.7.4-r0
libexpat1CVE-2026-45186HIGH2.7.1-r32.8.1-r0
libexpat1CVE-2026-56131HIGH2.7.1-r32.8.2-r0
libexpat1CVE-2026-56407HIGH2.7.1-r32.8.2-r0
libexpat1CVE-2026-56408HIGH2.7.1-r32.8.2-r0
libssl3CVE-2026-31789CRITICAL3.5.2-r13.6.2-r0
libssl3CVE-2025-15467HIGH3.5.2-r13.6.1-r0
libssl3CVE-2025-69421HIGH3.5.2-r13.6.1-r0
libssl3CVE-2026-28386HIGH3.5.2-r13.6.2-r0
libssl3CVE-2026-28387HIGH3.5.2-r13.6.2-r0
libssl3CVE-2026-28388HIGH3.5.2-r13.6.2-r0
libssl3CVE-2026-28389HIGH3.5.2-r13.6.2-r0
libssl3CVE-2026-28390HIGH3.5.2-r13.6.2-r0
libssl3CVE-2026-45447HIGH3.5.2-r13.6.3-r0

usr/local/bin/argocd

Vulnerabilities (50)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/argoproj/argo-cd/v2CVE-2025-47933CRITICAL2.12.132.13.8, 2.14.13
github.com/argoproj/argo-cd/v2CVE-2025-59531HIGH2.12.132.14.20
github.com/argoproj/argo-cd/v2CVE-2025-59537HIGH2.12.132.14.20
github.com/argoproj/argo-cd/v2CVE-2025-59538HIGH2.12.132.14.20
github.com/argoproj/argo-cd/v2CVE-2026-45738HIGH2.12.13
github.com/expr-lang/exprCVE-2025-68156HIGHv1.17.21.17.7
github.com/go-git/go-billy/v5CVE-2026-44973HIGHv5.6.15.9.0
github.com/go-git/go-git/v5CVE-2026-45022HIGHv5.13.15.19.0
github.com/go-jose/go-jose/v3CVE-2026-34986HIGHv3.0.33.0.5
github.com/golang-jwt/jwtCVE-2025-30204HIGHv3.2.2+incompatible
github.com/moby/spdystreamCVE-2026-35469HIGHv0.2.00.5.1
go.opentelemetry.io/otel/sdkCVE-2026-24051HIGHv1.21.01.40.0
go.opentelemetry.io/otel/sdkCVE-2026-39883HIGHv1.21.01.43.0
golang.org/x/cryptoCVE-2025-22869HIGHv0.31.00.35.0
golang.org/x/cryptoCVE-2025-47913HIGHv0.31.00.43.0
golang.org/x/cryptoCVE-2026-39828HIGHv0.31.00.52.0
golang.org/x/cryptoCVE-2026-39829HIGHv0.31.00.52.0
golang.org/x/cryptoCVE-2026-39830HIGHv0.31.00.52.0
golang.org/x/cryptoCVE-2026-39831HIGHv0.31.00.52.0
golang.org/x/cryptoCVE-2026-39832HIGHv0.31.00.52.0
golang.org/x/cryptoCVE-2026-39835HIGHv0.31.00.52.0
golang.org/x/cryptoCVE-2026-42508HIGHv0.31.00.52.0
golang.org/x/cryptoCVE-2026-46595HIGHv0.31.00.52.0
golang.org/x/cryptoCVE-2026-46597HIGHv0.31.00.52.0
golang.org/x/netCVE-2026-25681HIGHv0.33.00.55.0
golang.org/x/netCVE-2026-27136HIGHv0.33.00.55.0
golang.org/x/netCVE-2026-33814HIGHv0.33.00.53.0
golang.org/x/netCVE-2026-39821HIGHv0.33.00.55.0
golang.org/x/oauth2CVE-2025-22868HIGHv0.12.00.27.0
google.golang.org/grpcCVE-2026-33186CRITICALv1.59.01.79.3
k8s.io/kubernetesCVE-2024-10220HIGHv1.29.61.28.12, 1.29.7, 1.30.3
k8s.io/kubernetesCVE-2024-5321HIGHv1.29.61.27.16, 1.28.12, 1.29.7, 1.30.3
oras.land/oras-go/v2CVE-2026-50151HIGHv2.3.02.6.1
oras.land/oras-go/v2CVE-2026-50163HIGHv2.3.0
stdlibCVE-2025-68121CRITICALv1.22.41.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.22.41.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.22.41.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.22.41.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.22.41.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.22.41.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.22.41.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.22.41.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.22.41.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.22.41.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.22.41.25.11, 1.26.4

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (16)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2025-68121CRITICALv1.21.131.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.21.131.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.21.131.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.21.131.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.21.131.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.21.131.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.21.131.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.21.131.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.21.131.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.21.131.25.11, 1.26.4

usr/local/bin/helm

Vulnerabilities (43)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
github.com/containerd/containerdCVE-2024-25621HIGHv1.7.121.7.29
github.com/containerd/containerdCVE-2026-53488HIGHv1.7.121.7.33
github.com/docker/cliCVE-2025-15558HIGHv25.0.1+incompatible29.2.0
github.com/docker/dockerCVE-2024-41110CRITICALv25.0.5+incompatible23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/docker/dockerCVE-2026-34040HIGHv25.0.5+incompatible29.3.1
github.com/docker/dockerCVE-2026-41567HIGHv25.0.5+incompatible
github.com/docker/dockerCVE-2026-42306HIGHv25.0.5+incompatible
github.com/moby/spdystreamCVE-2026-35469HIGHv0.2.00.5.1
golang.org/x/cryptoCVE-2024-45337HIGHv0.21.00.31.0
golang.org/x/cryptoCVE-2025-22869HIGHv0.21.00.35.0
golang.org/x/cryptoCVE-2025-47913HIGHv0.21.00.43.0
golang.org/x/cryptoCVE-2026-39828HIGHv0.21.00.52.0
golang.org/x/cryptoCVE-2026-39829HIGHv0.21.00.52.0
golang.org/x/cryptoCVE-2026-39830HIGHv0.21.00.52.0
golang.org/x/cryptoCVE-2026-39831HIGHv0.21.00.52.0
golang.org/x/cryptoCVE-2026-39832HIGHv0.21.00.52.0
golang.org/x/cryptoCVE-2026-39835HIGHv0.21.00.52.0
golang.org/x/cryptoCVE-2026-42508HIGHv0.21.00.52.0
golang.org/x/cryptoCVE-2026-46595HIGHv0.21.00.52.0
golang.org/x/cryptoCVE-2026-46597HIGHv0.21.00.52.0
golang.org/x/netCVE-2024-45338HIGHv0.23.00.33.0
golang.org/x/netCVE-2026-25681HIGHv0.23.00.55.0
golang.org/x/netCVE-2026-27136HIGHv0.23.00.55.0
golang.org/x/netCVE-2026-33814HIGHv0.23.00.53.0
golang.org/x/netCVE-2026-39821HIGHv0.23.00.55.0
golang.org/x/oauth2CVE-2025-22868HIGHv0.10.00.27.0
google.golang.org/grpcCVE-2026-33186CRITICALv1.58.31.79.3
stdlibCVE-2025-68121CRITICALv1.22.41.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.22.41.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.22.41.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.22.41.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.22.41.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.22.41.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.22.41.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.22.41.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.22.41.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.22.41.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.22.41.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.22.41.25.11, 1.26.4

usr/local/bin/kustomize

Vulnerabilities (17)
The below table displays CRITICAL and HIGH severence vulnerabilities only
PackageIDSeverityInstalled VersionFixed Version
stdlibCVE-2024-24790CRITICALv1.21.101.21.11, 1.22.4
stdlibCVE-2025-68121CRITICALv1.21.101.24.13, 1.25.7, 1.26.0-rc.3
stdlibCVE-2024-34156HIGHv1.21.101.22.7, 1.23.1
stdlibCVE-2025-61726HIGHv1.21.101.24.12, 1.25.6
stdlibCVE-2025-61729HIGHv1.21.101.24.11, 1.25.5
stdlibCVE-2026-25679HIGHv1.21.101.25.8, 1.26.1
stdlibCVE-2026-27145HIGHv1.21.101.25.11, 1.26.4
stdlibCVE-2026-32280HIGHv1.21.101.25.9, 1.26.2
stdlibCVE-2026-32281HIGHv1.21.101.25.9, 1.26.2
stdlibCVE-2026-32283HIGHv1.21.101.25.9, 1.26.2
stdlibCVE-2026-33811HIGHv1.21.101.25.10, 1.26.3
stdlibCVE-2026-33814HIGHv1.21.101.25.10, 1.26.3
stdlibCVE-2026-39820HIGHv1.21.101.25.10, 1.26.3
stdlibCVE-2026-39822HIGHv1.21.101.25.12, 1.26.5, 1.27.0-rc.2
stdlibCVE-2026-39836HIGHv1.21.101.25.10, 1.26.3
stdlibCVE-2026-42499HIGHv1.21.101.25.10, 1.26.3
stdlibCVE-2026-42504HIGHv1.21.101.25.11, 1.26.4