Is github.com/goharbor/harbor safe to use?

github.com/goharbor/harbor has 4 known vulnerabilities on the latest version (v2.15.0+incompatible). DepScope rates its health at 66/100 (moderate risk).

What is the latest version of github.com/goharbor/harbor?

The latest version of github.com/goharbor/harbor is v2.15.0+incompatible, released 2026-03-11.

Does github.com/goharbor/harbor have known vulnerabilities?

Yes. github.com/goharbor/harbor has 4 known vulnerabilities. See depscope.dev/pkg/go/github.com/goharbor/harbor for details.

Is github.com/goharbor/harbor deprecated?

No, github.com/goharbor/harbor is actively maintained. Latest release: v2.15.0+incompatible (2026-03-11).

What are alternatives to github.com/goharbor/harbor?

DepScope has no curated alternatives for github.com/goharbor/harbor at this time.

What license does github.com/goharbor/harbor use?

github.com/goharbor/harbor is licensed under Apache-2.0.

github.com/goharbor/harbor

govv2.15.0+incompatible

An open source trusted cloud native registry project that stores, signs, and scans content.

License Apache-2.0permissive344 versions458 maintainers0 deps28,355 weekly dl

goharbor/harbor

/ 100

Health

update required

github.com/goharbor/[email protected]+incompatible has vulnerabilities — update to latest

Update to >= 0.0.0-20220630175814-b4ef1db to fix known vulnerabilities

1 high severity vulnerabilities

Health breakdown0 – 100

20/25

maintenance

10/20

popularity

16/25

security

15/15

maturity

5/15

community

Vulnerabilities

1 high2 medium1 low

Advisories (4)

Severity	ID	Summary	Fixed in
medium	BIT-harbor-2025-32019	Harbor repository description page has Cross-site Scripting vulnerability	2.4.0-rc1.0.20250421072404-a13a16383a41
medium	CVE-2025-30086	Possible ORM Leak Vulnerability in the Harbor	2.4.0-rc1.0.20250331071157-dce7d9f5cffb
high	BIT-harbor-2022-31668	Harbor fails to validate the user permissions when updating p2p preheat policies	0.0.0-20220630175814-b4ef1db
unknown	CVE-2026-4404	Harbor allows the use of the default password for web UI login in github.com/goharbor/harbor	—

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/goharbor/harbor

Last updated · 2026-03-11T05:50:37Z