32 matches found
CVE-2026-4404
Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI...
EUVD-2019-13597
Malware in sbrugna...
EUVD-2022-0783
Malicious code in bioql PyPI...
EUVD-2022-6672
Malicious code in bioql PyPI...
EUVD-2022-0773
Malicious code in bioql PyPI...
EUVD-2024-2366
Malicious code in bioql PyPI...
EUVD-2023-2779
Malicious code in bioql PyPI...
TencentOS Server 4: harbor (TSSA-2025:0676)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0676 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
SUSE CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2025-32019
Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2025-32019
Harbor (the open source cloud-native registry) contains a stored XSS vulnerability in the markdown field of the info tab. Affected versions are 2.11.2 and earlier, and 2.12.0-rc1 and 2.13.0-rc1. The issue is fixed in Harbor 2.11.3 and 2.12.3. Existence and details are supported by multiple source...
Possible ORM Leak Vulnerability in the Harbor
Impact: Administrator users on Harbor could exploit an ORM Leak (https://www.elttam.com/blog/plormbing-your-django-orm/) vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...
GHSA-H27M-3QW8-3PW8 Possible ORM Leak Vulnerability in the Harbor
Impact: Administrator users on Harbor could exploit an ORM Leak (https://www.elttam.com/blog/plormbing-your-django-orm/) vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...
TencentOS Server 4: harbor (TSSA-2024:0828)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0828 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2023-20902
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information...
CVE-2022-46463
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."...
CVE-2020-13788
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet...