18 matches found
SUSE-SU-2026:21628-1 Security update for helm
This update for helm fixes the following issues: Security issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory (OOM) termination bsc1248093. - CVE-2026-35206: github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart bsc1261938. Non security...
CVE-2026-35204
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not...
EUVD-2021-1385
Malware in sbrugna...
EUVD-2021-1035
Malware in sbrugna...
CBL Mariner 2.0 Security Update: cert-manager / helm (CVE-2025-32387)
The version of cert-manager / helm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32387 advisory. - Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be...
GHSA-5XQW-8HWV-WG92 Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow. Impact: A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack...
GHSA-4HFP-H4CW-HJ8P Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory (OOM) termination. Impact: A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800...
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory (OOM) termination. Impact: A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800...
GO-2023-1993 Helm Improper Certificate Validation in helm.sh/helm
Helm Improper Certificate Validation in helm.sh/helm...
SUSE-SU-2023:2750-1 Security update for terraform-provider-helm
This update of terraform-provider-helm fixes the following issues: - rebuild the package with the go 1.20 security release bsc1206346...
SUSE-SU-2023:2322-2 Security update for terraform-provider-helm
This update of terraform-provider-helm fixes the following issues: - rebuild the package with the go 1.19 security release bsc1200441...
PT-2023-36185 · Hashicorp · Terraform-Provider-Helm
Name of the Vulnerable Software and Affected Versions: terraform-provider-helm (affected versions not specified). Description: The issue is related to a security release in Go 1.19. The terraform-provider-helm package has been rebuilt with this security release to address the issue. Recommendations:...
SUSE CVE-2023-25165
Helm is a tool that streamlines installing and managing Kubernetes applications. getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...
SUSE-SU-2022:3666-1 Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.9.4: - CVE-2022-36055: Fixed denial of service through string value parsing bsc1203054. - Updating the certificates used for testing. - Updating index handling. helm was updated to version 3.9.3: - CVE-2022-1996: Updated...
GHSA-P2G7-XWVR-RRW3 Helm Controller denial of service
Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK allows for specific data inputs to cause high memory consumption, which in some platforms could cause the controller to panic and stop processing reconciliations. Impact: In a shared cluster multi-tenanc...
GHSA-P5PC-M4Q7-7QM9 Helm Unsafe Link Following
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via...
[ASA-202102-22] helm: insufficient validation
Arch Linux Security Advisory ASA-202102-22. Severity: Low. Date: 2021-02-07. CVE-ID: CVE-2021-21303. Package: helm. Type: insufficient validation. Remote: No. Link: https://security.archlinux.org/AVG-1539. Summary: The package helm before version...
CVE-2020-4053
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended director...