argo-workflows.advisories.yaml

schema-version: 2.0.2

package:
  name: argo-workflows

advisories:
  - id: CVE-2023-45283
    aliases:
      - GHSA-vvjp-q62m-2vph
    events:
      - timestamp: 2023-11-07T19:23:10Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-45284
    aliases:
      - GHSA-rq3x-83w4-p28c
    events:
      - timestamp: 2023-11-07T19:23:12Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-46402
    aliases:
      - GHSA-3f2q-6294-fmq5
    events:
      - timestamp: 2023-12-03T14:31:33Z
        type: fixed
        data:
          fixed-version: 3.5.2-r1

  - id: CVE-2023-48795
    aliases:
      - GHSA-45x7-px36-x8w8
    events:
      - timestamp: 2023-12-19T16:57:10Z
        type: fixed
        data:
          fixed-version: 3.5.2-r3

  - id: GHSA-2c7c-3mj9-8fqh
    events:
      - timestamp: 2023-11-23T08:30:52Z
        type: fixed
        data:
          fixed-version: 3.5.1-r1

  - id: GHSA-9763-4f94-gfch
    events:
      - timestamp: 2024-01-16T10:49:13Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: argo-workflow-executor
            componentID: 213e47f269f6a7ab
            componentName: github.com/cloudflare/circl
            componentVersion: v1.3.3
            componentType: go-module
            componentLocation: /usr/bin/argoexec
            scanner: grype

  - id: GHSA-jq35-85cj-fj4p
    events:
      - timestamp: 2023-10-31T20:03:40Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: This vulnerability is in the container runtime itself, not clients of the container runtime.