Helm Helm
23 CVEs affecting Helm Helm. Latest disclosed: 2026-04-09. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-53547 | High | 8.5 | 2025-07-08 | Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lea… |
| CVE-2020-11013 | High | 8.5 | 2020-04-24 | There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v… |
| CVE-2024-26147 | High | 7.5 | 2024-02-21 | Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin… |
| CVE-2021-32690 | Medium | 6.8 | 2021-06-16 | Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the user… |
| CVE-2025-55198 | Medium | 6.5 | 2025-08-13 | Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type erro… |
| CVE-2025-55199 | Medium | 6.5 | 2025-08-13 | Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to… |
| CVE-2025-32386 | Medium | 6.5 | 2025-04-09 | Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e… |
| CVE-2025-32387 | Medium | 6.5 | 2025-04-09 | Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to pars… |
| CVE-2022-36055 | Medium | 6.5 | 2022-09-01 | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functio… |
| CVE-2024-25620 | Medium | 6.4 | 2024-02-14 | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whos… |
| CVE-2021-21303 | Medium | 5.9 | 2021-02-05 | Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured K… |
| CVE-2022-23526 | Medium | 5.3 | 2022-12-15 | Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _chartutil_ pac… |
| CVE-2022-23525 | Medium | 5.3 | 2022-12-15 | Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_ package… |
| CVE-2022-23524 | Medium | 5.3 | 2022-12-15 | Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting i… |
| CVE-2023-25165 | Medium | 4.3 | 2023-02-08 | Helm is a tool that streamlines installing and managing Kubernetes applications. `getHostByName` is a Helm template function introduced in Helm v3. The function… |
| CVE-2020-15184 | Low | 3.7 | 2020-09-17 | In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injecti… |
| CVE-2020-15186 | Low | 3.4 | 2020-09-17 | In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name… |
| CVE-2020-15187 | Low | 3.0 | 2020-09-17 | In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, t… |
| CVE-2020-15185 | Low | 2.2 | 2020-09-17 | In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compro… |
| CVE-2026-35206 | | | 2026-04-09 | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL… |