VDB
GO-2025-3825
GO-2025-3825
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | goharbor/harbor | 0, 2.12.0-rc1+incompatible, 2.13.0-rc1+incompatible |
Timeline
- Jul 29, 2025 CVE Published
- Mar 3, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqq advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-32019 advisory
- https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a058 fix
- https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f088 fix
- https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1e5 fix