587 matches found
BIT-HARBOR-2022-31666 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...
CVE-2019-16097
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix:...
CVE-2019-16919
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...
GHSA-9J3M-FR7Q-JXFW vulnerabilities
Vulnerabilities for packages: harbor...
CVE-2024-55885 vulnerabilities
Vulnerabilities for packages: harbor...
GHSA-9J3M-FR7Q-JXFW vulnerabilities
Vulnerabilities for packages: harbor, harbor-fips...
CVE-2024-55885 vulnerabilities
Vulnerabilities for packages: harbor, harbor-fips...
GHSA-7C64-F9JR-V9H2 vulnerabilities
Vulnerabilities for packages: prometheus, kube-bench, docker-credential-acr-env-fips, gotestsum, newrelic-infrastructure-agent, longhorn-backing-image-manager, petname, chart-testing-fips, flux-helm-controller-fips, sftpgo-plugin-geoipfilter, k6-fips, trillian-fips, coredns-fips, opa-envoy,...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: prometheus, kube-bench, docker-credential-acr-env-fips, gotestsum, newrelic-infrastructure-agent, longhorn-backing-image-manager, petname, chart-testing-fips, flux-helm-controller-fips, sftpgo-plugin-geoipfilter, k6-fips, trillian-fips, coredns-fips, opa-envoy,...
GHSA-7C64-F9JR-V9H2 vulnerabilities
Vulnerabilities for packages: kbld, ingress-nginx-controller, kubernetes-dashboard-metrics-scraper, grpcurl, goreleaser, knative-operator, karma, nvidia-container-toolkit, go-jsonnet, kind, portieris, syft, nri-kafka, gitsign, rancher-helm, sftpgo-plugin-kms, splunk-otel-collector, nats-server,...
TencentOS Server 4: harbor (TSSA-2025:0614)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0614 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2021-1125
Malware in sbrugna...
EUVD-2021-1178
Malware in sbrugna...
EUVD-2019-13597
Malware in sbrugna...
EUVD-2021-1165
Malware in sbrugna...
EUVD-2019-7413
Malware in sbrugna...
EUVD-2021-1161
Malware in sbrugna...
EUVD-2017-8854
Malware in sbrugna...
EUVD-2021-1209
Malware in sbrugna...
EUVD-2025-22653
Malicious code in bioql PyPI...