Harbor

This hub aggregates every CVE we track for Harbor, a product in the ai ml space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Harbor.

• CVE-2026-4404Use of hard coded credentials in GoHarbor Harbor9.4Mar 23, 2026
• CVE-2025-32019Harbor's repository description page allows for XSS4.1Jul 23, 2025
• CVE-2022-31668User permission validation failure and disclosure of P2P preheat execution logs7.4Nov 14, 2024
• CVE-2022-31667Harbor fails to validate the user permissions when updating a robot account6.4Nov 14, 2024
• CVE-2022-31669Harbor fails to validate the user permissions when updating tag immutability policies6.4Nov 14, 2024
• CVE-2022-31670Harbor fails to validate the user permissions when updating tag retention policies7.7Nov 14, 2024
• CVE-2022-31671Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs7.4Nov 14, 2024
• CVE-2022-31666Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies7.7Nov 14, 2024
• CVE-2024-22278Harbor fails to validate the user permissions when updating project configurations6.4Aug 2, 2024
• CVE-2024-22261SQL Injection in Harbor scan log API2.7Jun 10, 2024
• CVE-2024-22244Harbor Open Redirect URL4.3Jun 10, 2024
• CVE-2023-7104SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow5.5Dec 25, 2023
• CVE-2023-20902Timing attack risk in Harbor5.9Nov 9, 2023
• CVE-2023-5678Excessive time spent in DH check / generation with large Q parameter value5.3Nov 6, 2023
• CVE-2023-38545This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of ...9.8Oct 18, 2023