github.com/goharbor/harbor (go) security advisories

UNKNOWN

Go

GO-2026-4876

Harbor: LDAP password and OIDC secret are not redacted in the audit log

Mar 26, 2026

UNKNOWN

Go

GHSA-prh4-vhfh-24mj

Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor

Apr 2, 2026

CRITICAL 9.4

Go

CVE-2026-4404

Harbor allows the use of the default password for web UI login

Mar 23, 2026

UNKNOWN

Go

CVE-2026-4404

Harbor allows the use of the default password for web UI login in github.com/goharbor/harbor

Mar 26, 2026

MEDIUM 5.3

Go

CVE-2020-29662

"catalog's registry v2 api exposed on unauthenticated path in Harbor"

Feb 12, 2022

MEDIUM 4.3

Go

CVE-2020-13794

Authenticated users can exploit an enumeration vulnerability in Harbor

May 24, 2021

MEDIUM 5.3

Go

CVE-2019-19030

Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)

Feb 11, 2022

MEDIUM 5.9

Go

CVE-2023-20902

Harbor timing attack risk

Oct 10, 2023

LOW 2.7

Go

CVE-2024-22261

SQL Injection in Harbor scan log API

Jun 2, 2024

MEDIUM 4.3

Go

CVE-2024-22244

Open Redirect URL in Harbor

Jun 2, 2024

UNKNOWN

Go

CVE-2025-32019

Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor

Jul 29, 2025

UNKNOWN

Go

CVE-2022-31668

Harbor fails to validate the user permissions when updating p2p preheat policies in github.com/goharbor/harbor

Dec 12, 2024

UNKNOWN

Go

CVE-2024-22261

SQL Injection in Harbor scan log API in github.com/goharbor/harbor

Jun 14, 2024

UNKNOWN

Go

CVE-2024-22244

Open Redirect URL in Harbor in github.com/goharbor/harbor

Jun 14, 2024

UNKNOWN

Go

CVE-2023-20902

Harbor timing attack risk in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2019-19026

SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2019-19025

Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2019-19029

SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2020-13794

Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2019-19023

Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2024-22278

Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor

Aug 6, 2024

UNKNOWN

Go

CVE-2019-16097

Missing Authorization in Harbor in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2020-29662

"catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2020-13788

Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor

Aug 21, 2024

UNKNOWN

Go

CVE-2019-19030

Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor

Aug 21, 2024

MEDIUM 5.0

Go

CVE-2022-31671

Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs

Sep 9, 2022

HIGH 7.7

Go

CVE-2022-31666

Harbor fails to validate the user permissions when viewing Webhook policies

Sep 16, 2022

MEDIUM 4.1

Go

CVE-2025-32019

Harbor repository description page has Cross-site Scripting vulnerability

Jul 23, 2025

UNKNOWN

Go

CVE-2025-30086

Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor

Jul 29, 2025

MEDIUM 4.9

Go

CVE-2025-30086

Possible ORM Leak Vulnerability in the Harbor

Jul 23, 2025

HIGH 7.4

Go

CVE-2022-31668

Harbor fails to validate the user permissions when updating p2p preheat policies

Nov 14, 2024

MEDIUM 6.4

Go

CVE-2022-31667

Harbor fails to validate the user permissions when updating a robot account

Sep 16, 2022

HIGH 7.7

Go

CVE-2022-31670

Harbor fails to validate the user permissions when updating tag retention policies

Sep 16, 2022

MEDIUM 6.4

Go

CVE-2022-31669

Harbor fails to validate the user permissions when updating tag immutability policies

Sep 16, 2022

MEDIUM 5.5

Go

CVE-2024-22278

Harbor fails to validate the user permissions when updating project configurations

Jul 31, 2024

HIGH 7.6

Go

CVE-2019-19025

Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor

May 18, 2021

HIGH 7.2

Go

CVE-2019-19029

SQL Injection in Cloud Native Computing Foundation Harbor

May 18, 2021

MEDIUM 6.5

Go

CVE-2019-16097

Missing Authorization in Harbor

Feb 15, 2022

MEDIUM 4.9

Go

CVE-2019-19026

SQL Injection in Cloud Native Computing Foundation Harbor

May 18, 2021

MEDIUM 4.4

Go

CVE-2020-13788

Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)

Feb 11, 2022

CRITICAL 9.3

Go

CVE-2019-19023

Privilege Escalation in Cloud Native Computing Foundation Harbor

May 18, 2021

github.com/goharbor/harbor

Vulnerabilities

Harbor: LDAP password and OIDC secret are not redacted in the audit log

Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor

Harbor allows the use of the default password for web UI login

Harbor allows the use of the default password for web UI login in github.com/goharbor/harbor

"catalog's registry v2 api exposed on unauthenticated path in Harbor"

Authenticated users can exploit an enumeration vulnerability in Harbor

Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)

Harbor timing attack risk

SQL Injection in Harbor scan log API

Open Redirect URL in Harbor

Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor

Harbor fails to validate the user permissions when updating p2p preheat policies in github.com/goharbor/harbor

SQL Injection in Harbor scan log API in github.com/goharbor/harbor

Open Redirect URL in Harbor in github.com/goharbor/harbor

Harbor timing attack risk in github.com/goharbor/harbor

SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor

Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor

Missing Authorization in Harbor in github.com/goharbor/harbor

"catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor

Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor

Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor

Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs

Harbor fails to validate the user permissions when viewing Webhook policies

Harbor repository description page has Cross-site Scripting vulnerability

Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor

Possible ORM Leak Vulnerability in the Harbor

Harbor fails to validate the user permissions when updating p2p preheat policies

Harbor fails to validate the user permissions when updating a robot account

Harbor fails to validate the user permissions when updating tag retention policies

Harbor fails to validate the user permissions when updating tag immutability policies

Harbor fails to validate the user permissions when updating project configurations

Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor

SQL Injection in Cloud Native Computing Foundation Harbor

Missing Authorization in Harbor

SQL Injection in Cloud Native Computing Foundation Harbor

Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)

Privilege Escalation in Cloud Native Computing Foundation Harbor

Start Securing