helm — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting helm. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Helm serves as the package manager for Kubernetes, streamlining the deployment and management of applications through reusable charts. Its widespread adoption in container orchestration environments has made it a frequent target for attackers seeking to compromise cluster integrity. Historically, vulnerabilities within Helm have predominantly involved remote code execution and improper access control mechanisms, allowing unauthorized users to manipulate deployed workloads or escalate privileges within the cluster. These flaws often stem from insufficient input validation or insecure configuration defaults during chart installation. While no single catastrophic incident has defined its history, the cumulative effect of its twenty-three recorded CVEs highlights significant risks in supply chain security. Administrators must rigorously audit chart sources and enforce strict RBAC policies to mitigate these persistent threats, ensuring that the convenience of automated deployments does not compromise the underlying infrastructure’s security posture.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-35206 | Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment — helm | CWE-22 | 3.5 (AI) | Low (AI) | 2026-04-09 |
| CVE-2026-35205 | Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install — helm | CWE-636 | 8.1 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-35204 | Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory — helm | CWE-22 | 5.7 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2025-55198 | Helm May Panic Due To Incorrect YAML Content — helm | CWE-908 | 6.5 | Medium | 2025-08-13 |
| CVE-2025-55199 | Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion — helm | CWE-770 | 6.5 | Medium | 2025-08-13 |
| CVE-2025-53547 | Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution — helm | CWE-94 | 8.5 | High | 2025-07-08 |
| CVE-2025-32386 | Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination — helm | CWE-789 | 6.5 | Medium | 2025-04-09 |
| CVE-2025-32387 | Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow — helm | CWE-121 | 6.5 | Medium | 2025-04-09 |
| CVE-2024-26147 | Helm's Missing YAML Content Leads To Panic — helm | CWE-457 | 7.5 | High | 2024-02-21 |
| CVE-2024-25620 | Dependency management path traversal in helm — helm | CWE-22 | 6.4 | Medium | 2024-02-14 |
| CVE-2023-25165 | getHostByName Function Information Disclosure — helm | CWE-200 | 4.3 | Medium | 2023-02-08 |
| CVE-2022-23526 | Helm contains Denial of service through schema file — helm | CWE-476 | 5.3 | Medium | 2022-12-15 |
| CVE-2022-23525 | Helm vulnerable to Denial of service via NULL Pointer Dereference — helm | CWE-476 | 5.3 | Medium | 2022-12-15 |
| CVE-2022-23524 | Helm vulnerable to Denial of service through string value parsing — helm | CWE-400 | 5.3 | Medium | 2022-12-15 |
| CVE-2022-36055 | Denial of service in Helm — helm | CWE-400 | 6.5 | Medium | 2022-09-01 |
| CVE-2021-32690 | Repository credentials passed to alternate domain — helm | CWE-200 | 6.8 | Medium | 2021-06-16 |
| CVE-2021-21303 | Injection attack in Helm — helm | CWE-74 | 5.9 | Medium | 2021-02-05 |
| CVE-2020-15187 | Duplicate plugin entries in Helm — helm | CWE-694 | 3.0 | Low | 2020-09-17 |
| CVE-2020-15186 | Improper sanitization of plugin names in Helm — helm | CWE-20 | 3.4 | Low | 2020-09-17 |
| CVE-2020-15185 | Duplicated chart entries in Helm — helm | CWE-694 | 2.2 | Low | 2020-09-17 |
| CVE-2020-15184 | Aliases are never checked in Helm — helm | CWE-20 | 3.7 | Low | 2020-09-17 |
| CVE-2020-11013 | lookup Function Information Disclosure in Helm — Helm | CWE-200 | 8.5 | High | 2020-04-24 |
| CVE-2019-1010275 | helm trust management issue vulnerability — helm | CWE-295 | 9.1 | - | 2019-07-17 |

This page lists every published CVE security advisory associated with helm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.