pkg:Go/github.com/goharbor/harbor

39 total CVEs: CRITICAL 4, HIGH 8, MEDIUM 25, LOW 2

All known vulnerabilities

  • CRITICAL 9.4  CVE-2026-4404: Harbor allows the use of the default password for web UI login
    from 0, <= 2.15.0
  • CRITICAL 9.4  CVE-2026-4404: Harbor allows the use of the default password for web UI login
    from 0
  • CRITICAL 9.3  CVE-2019-19023: Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.8.6, >= 1.9.0, < 1.9.3
  • CRITICAL 9.3  CVE-2019-19023: Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.8.6
  • HIGH 7.7  CVE-2022-31666: Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
    >= 1.0.0, < 1.10.13
  • HIGH 7.7  CVE-2022-31670: Harbor fails to validate the user permissions when updating tag retention policies
    >= 1.0.0, < 1.10.13
  • HIGH 7.6  CVE-2019-19025: Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.8.6, >= 1.9.0, < 1.9.3
  • HIGH 7.6  CVE-2019-19025: Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.8.6
  • HIGH 7.4  CVE-2022-31668: Harbor fails to validate the user permissions when updating p2p preheat policies in github.com/goharbor/harbor
    >= 2.0.0+incompatible, < 2.4.3+incompatible, >= 2.5.0+incompatible, < 2.5.2+incompatible
  • HIGH 7.4  CVE-2022-31668: Harbor fails to validate the user permissions when updating p2p preheat policies in github.com/goharbor/harbor
    >= 2.0.0, < 2.4.3
  • HIGH 7.2  CVE-2019-19029: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.8.6
  • HIGH 7.2  CVE-2019-19029: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.8.6, >= 1.9.0, < 1.9.3
  • MEDIUM 6.5  CVE-2019-16097: Missing Authorization in Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.9.0-rc1
  • MEDIUM 6.5  CVE-2019-16097: Missing Authorization in Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.9.0-rc1
  • MEDIUM 6.4  CVE-2022-31667: Harbor fails to validate the user permissions when updating a robot account
    >= 1.0.0, < 1.10.13
  • MEDIUM 6.4  CVE-2022-31669: Harbor fails to validate the user permissions when updating tag immutability policies
    >= 1.0.0, < 1.10.13
  • MEDIUM 5.9  CVE-2023-20902: Harbor timing attack risk
    from 0, < 1.10.18
  • MEDIUM 5.9  CVE-2023-20902: Harbor timing attack risk
    from 0, < 1.10.18, >= 2.0.0+incompatible, < 2.7.3+incompatible, >= 2.8.0+incompatible, < 2.8.3+incompatible
  • MEDIUM 5.5  CVE-2024-22278: Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
    from 0, < 2.9.5
  • MEDIUM 5.5  CVE-2024-22278: Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
    from 0, < 2.9.5+incompatible, >= 2.10.0+incompatible, < 2.10.3+incompatible
  • MEDIUM 5.3  CVE-2020-29662: "catalog's registry v2 api exposed on unauthenticated path in Harbor"
    from 0, < 2.0.5+incompatible, >= 2.1.0+incompatible, < 2.1.2+incompatible
  • MEDIUM 5.3  CVE-2020-29662: "catalog's registry v2 api exposed on unauthenticated path in Harbor"
    from 0, < 2.0.5
  • MEDIUM 5.3  CVE-2019-19030: Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
    >= 1.7.0, < 1.10.3
  • MEDIUM 5.3  CVE-2019-19030: Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
    >= 1.7.0, < 1.10.3, >= 2.0.0+incompatible, < 2.0.1+incompatible
  • MEDIUM 5.0  CVE-2022-31671: Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
    >= 1.0.0, < 1.10.13
  • MEDIUM 4.9  CVE-2025-30086: Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor
    >= 2.13.0, < 2.13.1
  • MEDIUM 4.9  CVE-2025-30086: Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor
    from 0, < 2.12.4+incompatible, >= 2.13.0+incompatible, < 2.13.1+incompatible
  • MEDIUM 4.9  CVE-2019-19026: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.8.6, >= 1.9.0, < 1.9.3
  • MEDIUM 4.9  CVE-2019-19026: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
    >= 1.7.0, < 1.8.6
  • MEDIUM 4.4  CVE-2020-13788: Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
    >= 1.8.0, < 2.0.1+incompatible
  • MEDIUM 4.4  CVE-2020-13788: Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
    >= 1.8.0, < 2.0.1
  • MEDIUM 4.3  CVE-2024-22244: Open Redirect URL in Harbor
    from 0, < 2.8.5
  • MEDIUM 4.3  CVE-2024-22244: Open Redirect URL in Harbor
    from 0, < 2.8.5+incompatible, >= 2.9.0+incompatible, < 2.9.3+incompatible, >= 2.10.0+incompatible, < 2.10.1+incompatible
  • MEDIUM 4.3  CVE-2020-13794: Authenticated users can exploit an enumeration vulnerability in Harbor
    from 0, < 2.0.3
  • MEDIUM 4.3  CVE-2020-13794: Authenticated users can exploit an enumeration vulnerability in Harbor
    from 0, < 2.0.3+incompatible
  • MEDIUM 4.1  CVE-2025-32019: Harbor's repository description page allows for XSS
    >= 2.12.0-rc1, < 2.12.4-rc1
  • MEDIUM 4.1  CVE-2025-32019: Harbor's repository description page allows for XSS
    from 0
  • LOW 2.7  CVE-2024-22261: SQL Injection in Harbor scan log API
    from 0, < 2.8.6
  • LOW 2.7  CVE-2024-22261: SQL Injection in Harbor scan log API
    from 0, < 2.8.6+incompatible, >= 2.9.0+incompatible, < 2.9.4+incompatible, >= 2.10.0+incompatible, < 2.10.2+incompatible