72 matches found

Redos
added 2026/05/06 12:0 a.m., 3 views

ROS-20260506-73-0010

Vulnerability in helm related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

CVSS 4.8, AI score 5.8, EPSS 0.00199
Exploits: 0

Positive Technologies
added 2026/04/13 12:0 a.m., 8 views

PT-2026-32428

Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

CVSS 4.8, AI score 5.8, EPSS 0.00199
Exploits: 0, References: 5

SUSE CVE
added 2026/04/12 11:24 p.m., 2 views

SUSE CVE-2026-35205

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. This vulnerability is fixed in 4.1.4...

CVSS 7.8, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 3

SUSE CVE
added 2026/04/12 11:24 p.m., 3 views

SUSE CVE-2026-35206

Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

CVSS 4.4, AI score 5.8, EPSS 0.00199
Exploits: 0, References: 8

RedhatCVE
added 2026/04/10 9:26 p.m., 6 views

CVE-2026-35205

A flaw was found in Helm, a package manager for Kubernetes. A remote attacker could exploit this vulnerability by providing a malicious plugin that lacks a provenance file. Even when signature verification is enabled, Helm would incorrectly install this unverified plugin, bypassing critical...

CVSS 8.4, AI score 6.3, EPSS 0.00185
Exploits: 0, References: 2

NVD
added 2026/04/09 9:16 p.m., 9 views

CVE-2026-35206

Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

CVSS 4.8, EPSS 0.00199
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/09 9:2 p.m., 6 views

CVE-2026-35206

Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

CVSS 4.8, AI score 5.9, EPSS 0.00199
Exploits: 0, References: 4, Affected Software: 1

IBM Security Bulletins
added 2025/11/06 2:10 p.m., 10 views

Security Bulletin: Due to the use of helm, IBM Kubecost Self Hosted is affected by stack overflow and memory exhaustion

Summary: helm is used by IBM Kubecost Self Hosted as part of the cluster-controller component (CVE-2025-32387, CVE-2025-32386). Vulnerability Details: CVEID: CVE-2025-32387. DESCRIPTION: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply...

CVSS 6.5, AI score 6.7, EPSS 0.00383
Exploits: 0, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-1493

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.0181
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-1164

Malware in sbrugna...

CVSS 8.5, AI score 6.3, EPSS 0.0126
Exploits: 1, References: 7

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-1031

Malware in sbrugna...

CVSS 4, AI score 5.6, EPSS 0.01029
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:7 p.m., 10 views

EUVD-2022-5730

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.01358
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-5856

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.7, EPSS 0.01483
Exploits: 1, References: 4

IBM Security Bulletins
added 2025/09/30 1:14 p.m., 9 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to helm ( CVE-2025-32386, CVE-2025-32387 )

Summary: Helm is used by IBM Cloud Pak for Data to build binaries in cpd-cli. Vulnerability Details: CVEID: CVE-2025-32386. DESCRIPTION: Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g.,...

CVSS 6.5, AI score 6.7, EPSS 0.00383
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2025/09/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-11013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. ...

CVSS 8.5, AI score 6.5, EPSS 0.0126
Exploits: 1, References: 2

Tenable Nessus
added 2025/09/04 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-21303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Helm is open-source software which is essentially The Kubernetes Package Manager. Helm is a tool for managing Charts. Charts are packages of pre-configured...

CVSS 6.8, AI score 7, EPSS 0.01021
Exploits: 0, References: 2

Redos
added 2025/08/22 12:0 a.m., 2 views

ROS-20250822-15

Package manager vulnerability for Helm is related to local code execution when updating dependencies. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

CVSS 8.6, AI score 8.4, EPSS 0.00363
Exploits: 1

OSV
added 2025/08/14 12:15 a.m., 2 views

AZL-66318 CVE-2025-55199 affecting package helm 3.14.2-10

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

CVSS 6.5, AI score 6.9, EPSS 0.00311
Exploits: 0, References: 1

Snyk
added 2025/08/14 12:5 a.m., 4 views

Use of Uninitialized Resource

Overview: Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malformed or unexpected YAML content, such as a null maintainer, non-strin...

CVSS 7.1, AI score 6.9, EPSS 0.00311
Exploits: 0, References: 2

CNNVD
added 2025/08/14 12:0 a.m., 2 views

Helm Security Vulnerability

Helm is a Kubernetes package manager from the CNCF Foundation. A security vulnerability exists in Helm versions prior to 3.18.5, which stems from mishandling of JSON Schema files and could lead to memory exhaustion...

CVSS 6.5, AI score 8.3, EPSS 0.00311
Exploits: 0, References: 3