587 matches found
Harbor <=1.82.0 - Privilege Escalation
Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration. id: CVE-2019-16097...
GHSA-5CGQ-3RG8-M6CV vulnerabilities
Vulnerabilities for packages: omnictl-multiarch-fips, flux, mattermost, kubernetes, prometheus, gitlab-rails-ce-fips, loki, keda-fips, k3s, argo-cd, argo-events-fips, telegraf, upwind-agent, omnictl-multiarch, argocd-image-updater, traefik, traefik-fips, gitsign, nemo, harbor, commercial-grafana,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: omnictl-multiarch-fips, kubernetes-dashboard, flux-source-controller, cert-manager, kube-arangodb-fips, trivy-fips, frankenphp-8.2, external-dns, drone-fips, omnictl-multiarch, nerdctl, traefik-fips, knative-serving-fips, prometheus-fips, kots, commercial-grafana,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-servicenetworking, crossplane-provider-azure-authorization, chainctl-fips, omnictl-multiarch-fips, policy-controller, kubernetes-dashboard, flux-source-controller, sops, cert-manager, gomplate, kube-arangodb-fips, step-kms-plugin, trivy-fips...
GHSA-VGWF-H737-FF37 vulnerabilities
Vulnerabilities for packages: omnictl-multiarch-fips, chainctl-fips, kubernetes-dashboard, flux-source-controller, longhorn-manager-fips, cert-manager, gomplate, kube-arangodb-fips, trivy-fips, teleport-operator-fips, nuclei, frankenphp-8.2, mapotf-fips, splunk-otel-collector,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: omnictl-multiarch-fips, kubernetes-dashboard, cert-manager, kube-arangodb-fips, buildah-fips, teleport-operator-fips, frankenphp-8.2, external-dns, omnictl-multiarch, nerdctl, traefik-fips, knative-serving-fips, prometheus-fips, kots, commercial-grafana, containerd,...
GHSA-89GR-R52H-F8RX vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-servicenetworking, crossplane-provider-azure-authorization, chainctl-fips, omnictl-multiarch-fips, policy-controller, kubernetes-dashboard, flux-source-controller, sops, cert-manager, gomplate, kube-arangodb-fips, step-kms-plugin, trivy-fips...
GHSA-9M57-25V3-79X9 vulnerabilities
Vulnerabilities for packages: omnictl-multiarch-fips, kubernetes-dashboard, cert-manager, kube-arangodb-fips, buildah-fips, teleport-operator-fips, frankenphp-8.2, external-dns, omnictl-multiarch, nerdctl, traefik-fips, knative-serving-fips, prometheus-fips, kots, commercial-grafana, containerd,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: omnictl-multiarch-fips, chainctl-fips, kubernetes-dashboard, flux-source-controller, cert-manager, gomplate, kube-arangodb-fips, step-kms-plugin, trivy-fips, buildah-fips, teleport-operator-fips, nuclei, frankenphp-8.2, mapotf-fips, external-dns, omnictl-multiarch,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: omnictl-multiarch-fips, kubernetes-dashboard, flux-source-controller, cert-manager, kube-arangodb-fips, trivy-fips, frankenphp-8.2, external-dns, drone-fips, omnictl-multiarch, nerdctl, traefik-fips, knative-serving-fips, prometheus-fips, kots, commercial-grafana,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: terraform, rclone, rancher-agent, spqr, teleport, flux, rancher, grafana, cert-manager-istio-csr, trufflehog, openbao, zot, xeol, opentofu, seaweedfs, k6, gitlab-runner, external-secrets-operator, harbor, kyverno-notation-aws, ratify, bento, gitea, yunikorn-k8shim,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: terraform, rclone, rancher-agent, spqr, teleport, flux, rancher, grafana, cert-manager-istio-csr, trufflehog, openbao, zot, xeol, opentofu, seaweedfs, k6, gitlab-runner, external-secrets-operator, harbor, kyverno-notation-aws, ratify, bento, gitea, yunikorn-k8shim,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: flux-source-controller, cert-manager, cert-manager-google-cas-issuer-fips, sftpgo-plugin-auth, rancher-webhook, nuclei, cert-manager-istio-csr, yunikorn-k8shim, cert-manager-istio-csr-fips, xeol-fips, k6, external-secrets-fips, trufflehog, gitlab-runner,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: flux-source-controller, cert-manager, cert-manager-google-cas-issuer-fips, sftpgo-plugin-auth, rancher-webhook, nuclei, cert-manager-istio-csr, yunikorn-k8shim, cert-manager-istio-csr-fips, xeol-fips, k6, external-secrets-fips, trufflehog, gitlab-runner,...
CLEANSTART-2026-DR81473 HashiCorp’s go-getter library up to v1
Multiple security vulnerabilities affect the harbor-scanner-trivy-fips package. HashiCorp’s go-getter library up to v1. See references for individual vulnerability details...
GO-2026-4876 Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor
Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor...
PT-2026-29931
Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor...
CLEANSTART-2026-FB05615 Security fixes for CVE-2025-15558, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2026-27141, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p436-gjf2-799p applied in versions: 2.13.4-r0, 2.13.4-r1, 2.13.4-r2
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-LB23787 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p436-gjf2-799p applied in versions: 2.13.4-r0, 2.13.4-r1, 2.13.4-r2, 2.13.5-r0, 2.13.5-r1
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-PE63912 Security fixes for CVE-2021-3538, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.15.0-r0, 2.15.0-r1
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...