CVE-2025-30086
MEDIUM4.9EPSS 0.39%Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor
Published: 7/23/2025Modified: 7/29/2025
Description
Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/goharbor/harbor before v2.4.0-rc1.0.20250331071157-dce7d9f5cffb.
Affected packages (2)
- Go/github.com/goharbor/harbor>= 2.13.0, < 2.13.1
- Go/github.com/goharbor/harborfrom 0, < 2.12.4+incompatible, >= 2.13.0+incompatible, < 2.13.1+incompatible
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-30086
- PATCHhttps://github.com/goharbor/harbor
- WEBhttps://github.com/goharbor/harbor/commit/dce7d9f5cffbd0d0c5d27e7a2f816f65a930702c
- WEBhttps://github.com/goharbor/harbor/releases
- WEBhttps://github.com/goharbor/harbor/security/advisories/GHSA-h27m-3qw8-3pw8
- WEBhttps://goharbor.io/blog
- WEBhttps://www.elttam.com/blog/plormbing-your-django-orm