Argo CD Security-Hardened Images

Security Scan 2025-01-20

Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.

Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.

---

Akuity v2.13.3-distroless vs Argo CD v2.13.3

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.13.3-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (4)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.27.0	0.31.0
golang.org/x/net	CVE-2024-45338	HIGH	v0.29.0	0.33.0

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
stdlib	CVE-2024-34156	HIGH	v1.21.13	1.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (3)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.25.0	0.31.0
golang.org/x/net	CVE-2024-45338	HIGH	v0.23.0	0.33.0
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (1)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
stdlib	CVE-2024-34156	HIGH	v1.21.12	1.22.7, 1.23.1

---

Akuity v2.12.9-distroless vs Argo CD v2.12.9

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.12.9-distroless

Vulnerabilities (0)

usr/local/bin/argocd

Vulnerabilities (7)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.23.0	0.31.0
golang.org/x/net	CVE-2024-45338	HIGH	v0.25.0	0.33.0
k8s.io/kubernetes	CVE-2024-10220	HIGH	v1.29.6	1.28.12, 1.29.7, 1.30.3
k8s.io/kubernetes	CVE-2024-5321	HIGH	v1.29.6	1.27.16, 1.28.12, 1.29.7, 1.30.3
stdlib	CVE-2024-34156	HIGH	v1.22.4	1.22.7, 1.23.1

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
stdlib	CVE-2024-34156	HIGH	v1.21.13	1.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (4)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
github.com/docker/docker	CVE-2024-41110	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.21.0	0.31.0
golang.org/x/net	CVE-2024-45338	HIGH	v0.23.0	0.33.0
stdlib	CVE-2024-34156	HIGH	v1.22.4	1.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (2)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
stdlib	CVE-2024-24790	CRITICAL	v1.21.10	1.21.11, 1.22.4
stdlib	CVE-2024-34156	HIGH	v1.21.10	1.22.7, 1.23.1

---

Akuity v2.11.12-distroless vs Argo CD v2.11.12

Full list of open source Argo CD vulnerabilities in this release

quay.io/akuity/argocd:v2.11.12-distroless

Vulnerabilities (2)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
git-lfs	CVE-2024-45337	HIGH	3.5.1-r8	3.6.0-r3
git-lfs	CVE-2024-45338	HIGH	3.5.1-r8	3.6.0-r4

usr/local/bin/argocd

Vulnerabilities (10)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
github.com/cloudflare/circl	GHSA-9763-4f94-gfch	HIGH	v1.3.3	1.3.7
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.19.0	0.31.0
golang.org/x/net	CVE-2024-45338	HIGH	v0.19.0	0.33.0
k8s.io/kubernetes	CVE-2024-0793	HIGH	v1.26.11	1.27.0-alpha.1
k8s.io/kubernetes	CVE-2024-10220	HIGH	v1.26.11	1.28.12, 1.29.7, 1.30.3
k8s.io/kubernetes	CVE-2024-5321	HIGH	v1.26.11	1.27.16, 1.28.12, 1.29.7, 1.30.3
stdlib	CVE-2024-24790	CRITICAL	v1.21.10	1.21.11, 1.22.4
stdlib	CVE-2024-34156	HIGH	v1.21.10	1.22.7, 1.23.1

usr/local/bin/gpg-wrapper.sh

Vulnerabilities (1)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
stdlib	CVE-2024-34156	HIGH	v1.21.13	1.22.7, 1.23.1

usr/local/bin/helm

Vulnerabilities (5)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
github.com/docker/docker	CVE-2024-41110	CRITICAL	v24.0.9+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.17.0	0.31.0
golang.org/x/net	CVE-2024-45338	HIGH	v0.17.0	0.33.0
stdlib	CVE-2024-24790	CRITICAL	v1.21.9	1.21.11, 1.22.4
stdlib	CVE-2024-34156	HIGH	v1.21.9	1.22.7, 1.23.1

usr/local/bin/kustomize

Vulnerabilities (4)

The below table displays CRITICAL and HIGH severence vulnerabilities only

Package	ID	Severity	Installed Version	Fixed Version
stdlib	CVE-2024-24790	CRITICAL	v1.20.10	1.21.11, 1.22.4
stdlib	CVE-2023-45283	HIGH	v1.20.10	1.20.11, 1.21.4, 1.20.12, 1.21.5
stdlib	CVE-2023-45288	HIGH	v1.20.10	1.21.9, 1.22.2
stdlib	CVE-2024-34156	HIGH	v1.20.10	1.22.7, 1.23.1

---