576 matches found
Harbor <=1.82.0 - Privilege Escalation
Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration. id: CVE-2019-16097...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: ratify, cert-manager-csi-driver, opentofu, rclone, zot, spqr, cert-manager-istio-csr, percona-server-mongodb-operator, telegraf, teleport, rancher-webhook, gitlab-runner, flux, grafana, dex, kyverno-notation-aws, k6, rancher, frp, openbao, gitea, seaweedfs, minio,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: ratify, cert-manager-csi-driver, opentofu, rclone, zot, spqr, cert-manager-istio-csr, percona-server-mongodb-operator, telegraf, teleport, rancher-webhook, gitlab-runner, flux, grafana, dex, kyverno-notation-aws, k6, rancher, frp, openbao, gitea, seaweedfs, minio,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: gitlab-runner, gitlab-runner-fips, nuclei, beats-fips, rancher-webhook-fips, telegraf, packer-fips, trufflehog, ldap2pg, dex, cert-manager-fips, rclone, zot, cert-manager-csi-driver-fips, cert-manager-openshift-routes, seaweedfs, flux, yunikorn-k8shim-fips,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: gitlab-runner, gitlab-runner-fips, nuclei, beats-fips, rancher-webhook-fips, telegraf, packer-fips, trufflehog, ldap2pg, dex, cert-manager-fips, rclone, zot, cert-manager-csi-driver-fips, cert-manager-openshift-routes, seaweedfs, flux, yunikorn-k8shim-fips,...
CLEANSTART-2026-DR81473 HashiCorp’s go-getter library up to v1
Multiple security vulnerabilities affect the harbor-scanner-trivy-fips package. HashiCorp’s go-getter library up to v1. See references for individual vulnerability details...
GO-2026-4876 Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor
Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor...
PT-2026-29931
Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor...
CLEANSTART-2026-FB05615 Security fixes for CVE-2025-15558, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2026-27141, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p436-gjf2-799p applied in versions: 2.13.4-r0, 2.13.4-r1, 2.13.4-r2
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-LB23787 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p436-gjf2-799p applied in versions: 2.13.4-r0, 2.13.4-r1, 2.13.4-r2, 2.13.5-r0, 2.13.5-r1
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-PE63912 Security fixes for CVE-2021-3538, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.15.0-r0, 2.15.0-r1
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-MT27167 Security fixes for CVE-2021-3538, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.14.3-r0, 2.14.3-r1
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-OS42112 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p436-gjf2-799p applied in versions: 2.12.4-r0, 2.12.4-r1, 2.13.4-r0, 2.13.4-r1, 2.13.4-r2
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-EE52954 Security fixes for CVE-2021-3538, CVE-2025-22871, CVE-2025-29923, CVE-2025-4673, CVE-2025-47907, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61727, CVE-2025-61729, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw applied in versions: 3.0.0.1-r2, 3.0.0.1-r3, 3.0.0.1-r4
Multiple security vulnerabilities affect the harbor-registry package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-QY63788 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.14.3-r0, 2.14.3-r1
Multiple security vulnerabilities affect the harbor-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-VZ76006 Security fixes for CVE-2021-3538, CVE-2025-29923, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 3.0.0.1-r3, 3.0.0.1-r4, 3.0.0.1-r5
Multiple security vulnerabilities affect the harbor-registry-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-KW24478 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.15.0-r0, 2.15.0-r1
Multiple security vulnerabilities affect the harbor-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-AP81168 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 2.13.4-r0, 2.13.5-r0, 2.13.5-r1
Multiple security vulnerabilities affect the harbor-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GM18965 Security fixes for CVE-2025-15558, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.14.2-r2
Multiple security vulnerabilities affect the harbor-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-IC68874 Security fixes for CVE-2025-15558, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 2.13.4-r0, 2.13.4-r1
Multiple security vulnerabilities affect the harbor-fips package. These issues are resolved in later releases. See references for individual vulnerability details...