Github.com/goharbor/harbor
This hub aggregates every CVE we track for Github.com/goharbor/harbor, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 21
- Critical: 0
- High: 7
- In CISA KEV: 0
Severity distribution
- MEDIUM: 13
- HIGH: 7
- LOW: 1
Monthly trend (2024-07 to 2026-06), values in order: 0, 1, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Github.com/goharbor/harbor.
- CVE-2025-30086: CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password... (score: 4.9)
- CVE-2025-32019: Harbor's repository description page allows for XSS (score: 4.1)
- CVE-2022-31668: User permission validation failure and disclosure of P2P preheat execution logs (score: 7.4)
- CVE-2022-31667: Harbor fails to validate the user permissions when updating a robot account (score: 6.4)
- CVE-2022-31669: Harbor fails to validate the user permissions when updating tag immutability policies (score: 6.4)
- CVE-2022-31670: Harbor fails to validate the user permissions when updating tag retention policies (score: 7.7)
- CVE-2022-31671: Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs (score: 7.4)
- CVE-2022-31666: Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies (score: 7.7)
- CVE-2024-22278: Harbor fails to validate the user permissions when updating project configurations (score: 6.4)
- CVE-2024-22261: SQL Injection in Harbor scan log API (score: 2.7)
- CVE-2024-22244: Harbor Open Redirect URL (score: 4.3)
- CVE-2023-20902: Timing attack risk in Harbor (score: 5.9)
- CVE-2019-19030: Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. (score: 5.3)
- CVE-2020-29662: In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. (score: 5.3)
- CVE-2020-13794: Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. (score: 4.3)
Product normalization is registry-driven with AI assist and human review.