In September 2023, security researchers from KTrust identified and reported three security vulnerabilities in Argo CD, which were addressed in coordination with Argo maintainers and other partners such as Codefresh, Red Hat, Intuit, and Akuity. These vulnerabilities, tracked as CVEs, involved attempts to bypass login protections and could potentially allow unauthorized access to user accounts on unpatched versions of Argo CD. While Codefresh GitOps users were less at risk due to the platform's architecture, updates were still recommended, and security patches were issued for Argo CD versions 2.10, 2.9, and 2.8. Users were advised to update their systems promptly or employ additional security measures like removing default admin accounts and restricting API access. The Argo Project collaborates with HackerOne and the CNCF on bug bounties to incentivize and reward contributions toward improving security, underscoring the importance of community efforts in addressing such vulnerabilities.