18 matches found

Positive Technologies
added 2026/04/09 12:00 a.m., 2 views

PT-2026-31732

Name of the Vulnerable Software and Affected Versions: Helm versions 3.20.1 and earlier, and versions 4.1.3 and earlier. Description: Helm, a package manager for Kubernetes Charts, is affected by an issue where a specially crafted Chart can cause the helm pull --untar command to write chart contents...

CVSS 8.4 | AI score 5.8 | EPSS 0.00073
Exploits 0 | References 21

IBM Security Bulletins
added 2025/11/20 2:29 p.m., 5 views

Security Bulletin: Astronomer with IBM is vulnerable to local code execution due to the Helm package manager (CVE-2025-53547)

Summary: Helm is used by Astronomer with IBM as part of service installation and management. Vulnerability Details: CVEID: CVE-2025-53547. DESCRIPTION: Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock fi...

CVSS 8.6 | AI score 7.2 | EPSS 0.00018
Exploits 1 | Affected Software 1

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-20751

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 7 | EPSS 0.00018
Exploits 1 | References 4

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-10671

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.7 | EPSS 0.00012
Exploits 0 | References 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-0709

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00294
Exploits 0 | References 4

NVD
added 2025/08/14 12:15 a.m., 6 views

CVE-2025-55198

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

CVSS 6.5 | EPSS 0.00095
Exploits 0 | References 2

OSV
added 2025/08/13 11:23 p.m., 3 views

CVE-2025-55198 Helm May Panic Due To Incorrect YAML Content

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

CVSS 6.5 | AI score 6.4 | EPSS 0.00095
Exploits 0 | References 4

CVE
added 2025/08/13 11:23 p.m., 81 views

CVE-2025-55198

CVE-2025-55198 affects Helm (Charts for Kubernetes). Prior to 3.18.5, parsing Chart.yaml and index.yaml could panic due to improper type validation. Helm 3.18.5 fixes the issue; a workaround is to ensure YAML files are formatted as Helm expects before processing. The IBM/Converged IBM bulletins l...

CVSS 6.5 | AI score 7 | EPSS 0.00095
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/07/08 9:39 p.m., 131 views

CVE-2025-53547

Helm (Kubernetes package manager) before version 3.18.4 is affected by a code-execution vulnerability that arises when a specially crafted Chart.yaml content is carried over to Chart.lock during dependency updates, and the Chart.lock file is symlinked to a file that is executed (e.g., a bashrc or...

CVSS 8.6 | AI score 7 | EPSS 0.00018
Exploits 1 | References 3 | Affected Software 1

OSV
added 2025/07/08 9:39 p.m., 4 views

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVSS 8.5 | AI score 7.2 | EPSS 0.00018
Exploits 1 | References 5

Cvelist
added 2025/07/08 9:39 p.m., 6 views

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVSS 8.5 | EPSS 0.00018
Exploits 1 | References 2

AlpineLinux
added 2025/07/08 9:39 p.m., 4 views

CVE-2025-53547

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVSS 8.6 | AI score 7.7 | EPSS 0.00018
Exploits 1

BDU FSTEC
added 2025/05/28 12:00 a.m., 1 view

A vulnerability in the Helm package manager for Kubernetes, caused by insufficient validation of user-supplied data, allows a malicious actor to cause a denial of service.

The vulnerability in the Helm package manager for Kubernetes stems from insufficient validation of user-supplied data. Exploiting this vulnerability can allow a remote malicious actor to cause a denial of service...

CVSS 7.8 | AI score 6.5 | EPSS 0.00022
Exploits 0 | References 6 | Affected Software 6

OSV
added 2025/04/11 7:13 p.m., 4 views

BIT-HELM-2025-32387 Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...

CVSS 6.5 | AI score 6.4 | EPSS 0.00012
Exploits 0 | References 3

NVD
added 2025/04/09 11:15 p.m., 10 views

CVE-2025-32387

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...

CVSS 6.5 | EPSS 0.00012
Exploits 0 | References 2

OSV
added 2025/04/09 10:28 p.m., 9 views

CVE-2025-32387 Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...

CVSS 6.5 | AI score 6.7 | EPSS 0.00012
Exploits 0 | References 4

OSV
added 2024/02/21 11:15 p.m., 3 views

AZL-38497 CVE-2024-26147 affecting package helm for versions less than 3.13.2-3

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugin's plugin.yaml file were missing all metadata a panic would...

CVSS 7.5 | AI score 7 | EPSS 0.00294
Exploits 0 | References 1

BDU FSTEC
added 2020/10/27 12:00 a.m., 2 views

A vulnerability in the Helm package manager exists due to an improper limitation of a pathname to a restricted directory. It allows a malicious actor to unpack files from a chart archive outside of the target directory.

The vulnerability in the Helm package manager exists due to an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to unpack chart archive files outside of the target directory using commands such as “helm fetch --untar” an...

CVSS 7.1 | AI score 6.8 | EPSS 0.0023
Exploits 1 | References 4 | Affected Software 2
