42 matches found
EUVD-2021-1031
Malware in sbrugna...
EUVD-2024-0727
Malicious code in bioql PyPI...
EUVD-2025-20751
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-25620
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose...
SUSE CVE-2025-55198
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...
CVE-2025-55198
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...
Use of Uninitialized Resource
Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malformed or unexpected YAML content, such as a null maintainer, non-strin...
Use of Uninitialized Resource
Overview github.com/helm/helm/pkg/chartutil is a package manager for kubernetes. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing...
CVE-2025-55198 Helm May Panic Due To Incorrect YAML Content
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...
PT-2025-33103 Ā· Helm Ā· Helm
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.5 Description: Helm is a package manager for Charts for Kubernetes. An improper validation of type error when parsing Chart.yaml and index.yaml files can lead to a panic. This issue impacts YAML validation where a...
GO-2025-3802 Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm
Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm...
Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
...
BIT-HELM-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
Helm vulnerable to Code Injection through malicious chart.yaml content
A Helm contributor discovered that a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Impact Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and thi...
GHSA-557J-XG8C-Q2MM Helm vulnerable to Code Injection through malicious chart.yaml content
A Helm contributor discovered that a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Impact Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and thi...
AZL-64877 CVE-2025-53547 affecting package helm for versions less than 3.14.2-7
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
CVE-2025-53547
Helm (Kubernetes package manager) before version 3.18.4 is affected by a code-execution vulnerability that arises when a specially crafted Chart.yaml content is carried over to Chart.lock during dependency updates, and the Chart.lock file is symlinked to a file that is executed (e.g., a bashrc or...
CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
Arbitrary Code Injection
Overview github.com/helm/helm/pkg/downloader is a Package downloader provides a library for downloading charts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the writeLock function. An attacker can execute arbitrary code by supplying crafted chart templates...