Argo CD Security-Hardened Images
Security Scan 2025-02-17
Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.
Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.
Akuity v2.14.2-distroless vs Argo CD v2.14.2
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.14.2-distroless
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
libcrypto3 | CVE-2024-12797 | HIGH | 3.4.0-r6 | 3.4.1-r0 |
libssl3 | CVE-2024-12797 | HIGH | 3.4.0-r6 | 3.4.1-r0 |
usr/local/bin/argocd
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/go-git/go-git/v5 | CVE-2025-21613 | CRITICAL | v5.12.0 | 5.13.0 |
github.com/go-git/go-git/v5 | CVE-2025-21614 | HIGH | v5.12.0 | 5.13.0 |
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.13 | 1.22.7, 1.23.1 |
usr/local/bin/helm
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
golang.org/x/crypto | CVE-2024-45337 | CRITICAL | v0.27.0 | 0.31.0 |
golang.org/x/net | CVE-2024-45338 | HIGH | v0.26.0 | 0.33.0 |
usr/local/bin/kustomize
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.12 | 1.22.7, 1.23.1 |
Akuity v2.13.5-distroless vs Argo CD v2.13.5
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.13.5-distroless
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
libcrypto3 | CVE-2024-12797 | HIGH | 3.4.0-r6 | 3.4.1-r0 |
libssl3 | CVE-2024-12797 | HIGH | 3.4.0-r6 | 3.4.1-r0 |
usr/local/bin/argocd
Vulnerabilities (0)
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.13 | 1.22.7, 1.23.1 |
usr/local/bin/helm
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
golang.org/x/crypto | CVE-2024-45337 | CRITICAL | v0.25.0 | 0.31.0 |
golang.org/x/net | CVE-2024-45338 | HIGH | v0.23.0 | 0.33.0 |
stdlib | CVE-2024-34156 | HIGH | v1.22.6 | 1.22.7, 1.23.1 |
usr/local/bin/kustomize
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.12 | 1.22.7, 1.23.1 |
Akuity v2.12.10-distroless vs Argo CD v2.12.10
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.12.10-distroless
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
libcrypto3 | CVE-2024-12797 | HIGH | 3.4.0-r6 | 3.4.1-r0 |
libssl3 | CVE-2024-12797 | HIGH | 3.4.0-r6 | 3.4.1-r0 |
usr/local/bin/argocd
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
k8s.io/kubernetes | CVE-2024-10220 | HIGH | v1.29.6 | 1.28.12, 1.29.7, 1.30.3 |
k8s.io/kubernetes | CVE-2024-5321 | HIGH | v1.29.6 | 1.27.16, 1.28.12, 1.29.7, 1.30.3 |
stdlib | CVE-2024-34156 | HIGH | v1.22.4 | 1.22.7, 1.23.1 |
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.13 | 1.22.7, 1.23.1 |
usr/local/bin/helm
Vulnerabilities (4)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/docker/docker | CVE-2024-41110 | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 |
golang.org/x/crypto | CVE-2024-45337 | CRITICAL | v0.21.0 | 0.31.0 |
golang.org/x/net | CVE-2024-45338 | HIGH | v0.23.0 | 0.33.0 |
stdlib | CVE-2024-34156 | HIGH | v1.22.4 | 1.22.7, 1.23.1 |
usr/local/bin/kustomize
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-24790 | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 |
stdlib | CVE-2024-34156 | HIGH | v1.21.10 | 1.22.7, 1.23.1 |