Filter
AND

Versions

1.9.0
7
1.7.0
6
2.0.0
6
2.5.0
5
1.8.0
3
1.9.0-rc1
2
1.0.0
1
1.1.0
1
1.3.0
1
1.3.0-rc1
1
1.3.0-rc2
1
1.3.0-rc3
1
1.3.0-rc4
1
1.7.0-rc1
1
1.7.0-rc2
1
1.7.1
1
1.7.2
1
1.7.3
1
1.7.4
1
1.7.5
1
1.7.6
1
1.8.0-rc1
1
1.8.0-rc2
1
1.8.1
1
1.8.2
1
1.8.2-rc1
1
1.8.2-rc2
1
1.8.3
1
1.8.5
1
1.9.0-rc2
1
1.9.1
1
1.9.1-rc1
1
2.0
1
2.1.0
1
2.10.0
1
2.5.3
1
2.6.0
1
2.6.4
1
2.7.0
1
2.8.0
1

HarborCloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnera…

high
8.8
First published (updated )
CVE-2019-19023

go/github.com/goharbor/harborCSRF

high
8.8
First published (updated )
CVE-2019-19025

HarborSSRF

high
8.6
First published (updated )
CVE-2017-17697

go/github.com/goharbor/harborHarbor fails to validate the user permissions when updating tag retention policies

high
7.7
First published (updated )
CVE-2022-31670

go/github.com/goharbor/harborHarbor fails to validate the user permissions when updating tag immutability policies

high
7.7
First published (updated )
CVE-2022-31669

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/goharbor/harborUser permission validation failure and disclosure of P2P preheat execution logs

high
7.7
First published (updated )
CVE-2022-31668

HarborHarbor API has a Broken Access Control vulnerability. The vulnerability allows project administrator…

high
7.5
First published (updated )
CVE-2019-16919

HarborAn access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private ima…

high
7.5
First published (updated )
CVE-2022-46463

go/github.com/goharbor/harborHarbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs

high
7.4
First published (updated )
CVE-2022-31671

go/github.com/goharbor/harborSQL Injection

high
7.2
First published (updated )
CVE-2019-19029

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Harborcore/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via t…

medium
6.5
First published (updated )
CVE-2019-16097

HarborTiming attack risk in Harbor

medium
6.5
First published (updated )
CVE-2023-20902

go/github.com/goharbor/harborHarbor fails to validate the user permissions when updating project configurations

medium
6.4
First published (updated )
CVE-2024-22278

go/github.com/goharbor/harborHarbor fails to validate the user permissions when updating a robot account

medium
6.4
First published (updated )
CVE-2022-31667

HarborIn Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauth…

medium
5.3
First published (updated )
CVE-2020-29662

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

HarborCloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumerat…

medium
5.3
First published (updated )
CVE-2019-19030

HarborSQL Injection

medium
4.9
First published (updated )
CVE-2019-19026

go/github.com/goharbor/harborHarbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.

medium
4.3
First published (updated )
CVE-2020-13794

HarborSSRF

medium
4.3
First published (updated )
CVE-2020-13788

HarborA User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This en…

medium
4.3
First published (updated )
CVE-2019-3990

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203