CRITICAL 9.4 CVE-2026-4404 Harbor allows the use of the default password for web UI login in github.com/goharbor/harbor
from 0, <= 2.15.0
CRITICAL 9.4 CVE-2026-4404 Harbor allows the use of the default password for web UI login in github.com/goharbor/harbor
from 0
CRITICAL 9.3 Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.8.6, >= 1.9.0, < 1.9.3
CRITICAL 9.3 Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.8.6
HIGH 7.7 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
>= 1.0.0, < 1.10.13
HIGH 7.7 Harbor fails to validate the user permissions when updating tag retention policies
>= 1.0.0, < 1.10.13
HIGH 7.6 Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.8.6, >= 1.9.0, < 1.9.3
HIGH 7.6 Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.8.6
HIGH 7.4 User permission validation failure and disclosure of P2P preheat execution logs
>= 2.0.0+incompatible, < 2.4.3+incompatible, >= 2.5.0+incompatible, < 2.5.2+incompatible
HIGH 7.4 User permission validation failure and disclosure of P2P preheat execution logs
>= 2.0.0, < 2.4.3
HIGH 7.2 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.8.6
HIGH 7.2 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.8.6, >= 1.9.0, < 1.9.3
MEDIUM 6.5 Missing Authorization in Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.9.0-rc1
MEDIUM 6.5 Missing Authorization in Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.9.0-rc1
MEDIUM 6.4 Harbor fails to validate the user permissions when updating a robot account
>= 1.0.0, < 1.10.13
MEDIUM 6.4 Harbor fails to validate the user permissions when updating tag immutability policies
>= 1.0.0, < 1.10.13
MEDIUM 5.9 Timing attack risk in Harbor
from 0, < 1.10.18
MEDIUM 5.9 Timing attack risk in Harbor
from 0, < 1.10.18, >= 2.0.0+incompatible, < 2.7.3+incompatible, >= 2.8.0+incompatible, < 2.8.3+incompatible
MEDIUM 5.5 Harbor fails to validate the user permissions when updating project configurations
from 0, < 2.9.5
MEDIUM 5.5 Harbor fails to validate the user permissions when updating project configurations
from 0, < 2.9.5+incompatible, >= 2.10.0+incompatible, < 2.10.3+incompatible
MEDIUM 5.3 "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor
from 0, < 2.0.5+incompatible, >= 2.1.0+incompatible, < 2.1.2+incompatible
MEDIUM 5.3 "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor
from 0, < 2.0.5
MEDIUM 5.3 Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
>= 1.7.0, < 1.10.3
MEDIUM 5.3 Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
>= 1.7.0, < 1.10.3, >= 2.0.0+incompatible, < 2.0.1+incompatible
MEDIUM 5.0 Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs
>= 1.0.0, < 1.10.13
MEDIUM 4.9 Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor
>= 2.13.0, < 2.13.1
MEDIUM 4.9 Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor
from 0, < 2.12.4+incompatible, >= 2.13.0+incompatible, < 2.13.1+incompatible
MEDIUM 4.9 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.8.6, >= 1.9.0, < 1.9.3
MEDIUM 4.9 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
>= 1.7.0, < 1.8.6
MEDIUM 4.4 Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
>= 1.8.0, < 2.0.1+incompatible
MEDIUM 4.4 Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
>= 1.8.0, < 2.0.1
MEDIUM 4.3 Harbor Open Redirect URL
from 0, < 2.8.5
MEDIUM 4.3 Harbor Open Redirect URL
from 0, < 2.8.5+incompatible, >= 2.9.0+incompatible, < 2.9.3+incompatible, >= 2.10.0+incompatible, < 2.10.1+incompatible
MEDIUM 4.3 Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
from 0, < 2.0.3
MEDIUM 4.3 Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
from 0, < 2.0.3+incompatible
MEDIUM 4.1 Harbor's repository description page allows for XSS
>= 2.12.0-rc1, < 2.12.4-rc1
MEDIUM 4.1 Harbor's repository description page allows for XSS
from 0
LOW 2.7 SQL Injection in Harbor scan log API
from 0, < 2.8.6
LOW 2.7 SQL Injection in Harbor scan log API
from 0, < 2.8.6+incompatible, >= 2.9.0+incompatible, < 2.9.4+incompatible, >= 2.10.0+incompatible, < 2.10.2+incompatible