14 matches found

Snyk
added 2026/04/09 9:2 p.m., 0 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

CVSS 4.8 | AI score 6.3 | EPSS 0.00005
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-0727

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.8 | EPSS 0.00168
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-7511

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.9 | EPSS 0.00068
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-10670

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.7 | EPSS 0.00022
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-6504

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.4 | EPSS 0.00089
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-7524

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.9 | EPSS 0.00068
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-7540

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.5 | EPSS 0.00078
Exploits: 0 | References: 6

OSV
added 2025/04/11 7:13 p.m., 3 views

BIT-HELM-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

CVSS 6.5 | AI score 6.3 | EPSS 0.00022
Exploits: 0 | References: 3

NVD
added 2025/04/09 11:15 p.m., 11 views

CVE-2025-32386

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

CVSS 6.5 | EPSS 0.00022
Exploits: 0 | References: 2

OSV
added 2025/04/09 10:28 p.m., 6 views

CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

CVSS 6.5 | AI score 6.5 | EPSS 0.00022
Exploits: 0 | References: 4

Vulnrichment
added 2023/02/08 7:7 p.m., 5 views

CVE-2023-25165 getHostByName Function Information Disclosure

Helm is a tool that streamlines installing and managing Kubernetes applications. getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...

CVSS 4.3 | AI score 4.6 | EPSS 0.00187
Exploits: 1 | References: 2

OSV
added 2022/12/15 7:15 p.m., 3 views

AZL-11655 CVE-2022-23525 affecting package helm for versions less than 3.9.4-4

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the repo package. The repo package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart...

CVSS 7.5 | AI score 7 | EPSS 0.00068
Exploits: 0 | References: 1

AlpineLinux
added 2022/12/15 7:15 p.m., 36 views

CVE-2022-23524

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...

CVSS 7.5 | AI score 3.6 | EPSS 0.00078
Exploits: 0

OSV
added 2022/06/21 8:4 p.m., 26 views

GHSA-Q4W5-4GQ2-98VM Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Impact: All unpatched versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be us...

CVSS 4.3 | AI score 4.6 | EPSS 0.00261
Exploits: 0 | References: 4