
helm

29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Each entry gives the CVE, the affected version range, the opening of the advisory summary, and the score with its severity band; a CVE's full briefing and intelligence graph are on its own page.
CVE-2026-35206  ·  affected < 3.20.2; >= 4.0.0 and < 4.1.4  ·  4.4 MEDIUM
  Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause h

CVE-2026-35205  ·  affected >= 4.0.0 and < 4.1.4  ·  7.8 HIGH
  Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file

CVE-2026-35204  ·  affected >= 4.0.0 and < 4.1.4  ·  8.6 HIGH
  Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updat

CVE-2025-55199  ·  affected < 3.18.5  ·  6.5 MEDIUM
  Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a mann

CVE-2025-55198  ·  affected < 3.18.5  ·  6.5 MEDIUM
  Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an imp

CVE-2025-53547  ·  affected < 3.18.4  ·  8.5 HIGH
  Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially l

CVE-2025-32387  ·  affected < 3.17.3  ·  6.5 MEDIUM
  Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain o

CVE-2025-32386  ·  affected < 3.17.3  ·  6.5 MEDIUM
  Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger un

CVE-2019-25210  ·  affected <= 3.13.3  ·  6.5 MEDIUM
  An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --

CVE-2024-26147  ·  affected < 3.14.2  ·  7.5 HIGH
  Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when

CVE-2024-25620  ·  affected < 3.14.1  ·  6.4 MEDIUM
  Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK

CVE-2023-25165  ·  affected >= 3.0.0 and < 3.11.1  ·  4.3 MEDIUM
  Helm is a tool that streamlines installing and managing Kubernetes applications. getHostByName is a Helm template function introd

CVE-2022-23526  ·  affected >= 3.0.0 and < 3.10.3  ·  5.3 MEDIUM
  Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dere

CVE-2022-23525  ·  affected >= 3.0.0 and < 3.10.3  ·  5.3 MEDIUM
  Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dere

CVE-2022-23524  ·  affected >= 3.0.0 and < 3.10.3  ·  5.3 MEDIUM
  Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Reso

CVE-2022-36049  ·  affected >= 3.0.0 and < 3.9.4  ·  7.7 HIGH
  Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes

CVE-2022-36055  ·  affected >= 3.0.0 and < 3.9.4  ·  6.5 MEDIUM
  Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF

CVE-2021-32690  ·  affected < 3.6.1  ·  6.8 MEDIUM
  Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulner

CVE-2021-21303  ·  affected >= 3.0.0 and < 3.5.2  ·  5.9 MEDIUM
  Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are

CVE-2020-15187  ·  affected >= 2.0.0 and < 2.16.11; >= 3.0.0 and < 3.3.2  ·  3.0 LOW
  In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used.

CVE-2020-15186  ·  affected >= 2.0.0 and < 2.16.11; >= 3.0.0 and < 3.3.2  ·  3.4 LOW
  In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could us

CVE-2020-15185  ·  affected >= 2.0.0 and < 2.16.11; >= 3.0.0 and < 3.3.2  ·  2.2 LOW
  In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always us

CVE-2020-15184  ·  affected >= 2.0.0 and < 2.16.11; >= 3.0.0 and < 3.3.2  ·  3.7 LOW
  In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. T

CVE-2020-4053  ·  affected >= 3.0.0 and < 3.2.4  ·  3.7 LOW
  In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from

CVE-2020-11013  ·  affected >= 3.1.0 and < 3.2.0  ·  8.5 HIGH
  There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template

CVE-2019-18658  ·  affected >= 2.0.0 and < 2.15.2  ·  9.8 CRITICAL
  In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for

CVE-2019-1010275  ·  affected < 2.7.2  ·  9.8 CRITICAL
  helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to t

CVE-2019-1000009  ·  affected >= 0.1.0 and < 0.8.1  ·  6.5 MEDIUM
  Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path

CVE-2019-1000008  ·  affected >= 2.0.0 and < 2.12.2  ·  6.5 MEDIUM
  All versions of Helm between Helm >=2.0.0 and < 2.12.2 contain a CWE-22: Improper Limitation of a Pathname to a Restricted Direct
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin