Argo CD Security-Hardened Images
Security Scan 2025-06-16
Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.
Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.
Akuity v2.14.14-distroless vs Argo CD v2.14.14
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.14.14-distroless
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
git-lfs | CVE-2025-22874 | HIGH | 3.6.1-r7 | 3.6.1-r8 |
usr/local/bin/argocd
Vulnerabilities (0)
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.13 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.21.13 | 1.23.10, 1.24.4 |
usr/local/bin/helm
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
golang.org/x/crypto | CVE-2024-45337 | CRITICAL | v0.27.0 | 0.31.0 |
golang.org/x/crypto | CVE-2025-22869 | HIGH | v0.27.0 | 0.35.0 |
stdlib | CVE-2025-22874 | HIGH | v1.22.7 | 1.23.10, 1.24.4 |
usr/local/bin/kustomize
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.12 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.21.12 | 1.23.10, 1.24.4 |
Akuity v2.13.8-distroless vs Argo CD v2.13.8
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.13.8-distroless
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
git-lfs | CVE-2025-22874 | HIGH | 3.6.1-r7 | 3.6.1-r8 |
usr/local/bin/argocd
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/golang-jwt/jwt | CVE-2025-30204 | HIGH | v3.2.2+incompatible | |
golang.org/x/crypto | CVE-2025-22869 | HIGH | v0.32.0 | 0.35.0 |
stdlib | CVE-2025-22874 | HIGH | v1.23.1 | 1.23.10, 1.24.4 |
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.13 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.21.13 | 1.23.10, 1.24.4 |
usr/local/bin/helm
Vulnerabilities (4)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
golang.org/x/crypto | CVE-2024-45337 | CRITICAL | v0.25.0 | 0.31.0 |
golang.org/x/crypto | CVE-2025-22869 | HIGH | v0.25.0 | 0.35.0 |
stdlib | CVE-2024-34156 | HIGH | v1.22.6 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.22.6 | 1.23.10, 1.24.4 |
usr/local/bin/kustomize
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.12 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.21.12 | 1.23.10, 1.24.4 |
Akuity v2.12.12-distroless vs Argo CD v2.12.12
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.12.12-distroless
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
git-lfs | CVE-2025-22874 | HIGH | 3.6.1-r5 | 3.6.1-r8 |
usr/local/bin/argocd
Vulnerabilities (7)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/argoproj/argo-cd/v2 | CVE-2025-47933 | CRITICAL | 2.12.11 | 2.13.8, 2.14.13 |
github.com/golang-jwt/jwt | CVE-2025-30204 | HIGH | v3.2.2+incompatible | |
golang.org/x/crypto | CVE-2025-22869 | HIGH | v0.31.0 | 0.35.0 |
k8s.io/kubernetes | CVE-2024-10220 | HIGH | v1.29.6 | 1.28.12, 1.29.7, 1.30.3 |
k8s.io/kubernetes | CVE-2024-5321 | HIGH | v1.29.6 | 1.27.16, 1.28.12, 1.29.7, 1.30.3 |
stdlib | CVE-2024-34156 | HIGH | v1.22.4 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.22.4 | 1.23.10, 1.24.4 |
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | v1.21.13 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.21.13 | 1.23.10, 1.24.4 |
usr/local/bin/helm
Vulnerabilities (5)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/docker/docker | CVE-2024-41110 | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 |
golang.org/x/crypto | CVE-2024-45337 | CRITICAL | v0.21.0 | 0.31.0 |
golang.org/x/crypto | CVE-2025-22869 | HIGH | v0.21.0 | 0.35.0 |
stdlib | CVE-2024-34156 | HIGH | v1.22.4 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.22.4 | 1.23.10, 1.24.4 |
usr/local/bin/kustomize
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-24790 | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 |
stdlib | CVE-2024-34156 | HIGH | v1.21.10 | 1.22.7, 1.23.1 |
stdlib | CVE-2025-22874 | HIGH | v1.21.10 | 1.23.10, 1.24.4 |