6 matches found
Arbitrary Command Injection
Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitization of user-supplied repository in the Chart.yaml file in the helmv3 manager. An attacker can execute arbitrary commands on the host system by...
CVE-2025-55199
A flaw was found in helm.sh/helm/v3. A maliciously crafted JSON Schema file can trigger excessive memory consumption during Helm Chart validation, leading to an out-of-memory OOM termination. A remote attacker, requiring user interaction to provide the crafted file, can trigger this condition. Th...
GO-2023-1547 Information disclosure in helm.sh/helm/v3
An information disclosure vulnerability exists in the getHostByName template function. The function getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a...
GHSA-9VP5-M38W-J776 Aliases are never checked in helm
Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. Patches This issue has been patched in Helm 3.3.2 a...
Information disclosure
There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be us...
CVE-2020-11013
There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be us...