helm.sh/helm/v3 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-35206Mediumhelm.sh/helm/v4: Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segmentCVE-2025-55198Mediumhelm.sh/helm/v3: Helm May Panic Due To Incorrect YAML ContentCVE-2025-55199Mediumhelm.sh/helm/v3: Helm Charts with Specific JSON Schema Values Can Cause Memory ExhaustionCVE-2025-53547Highhelm.sh/helm/v3: Helm vulnerable to Code Injection through malicious chart.yaml contentCVE-2025-32387Mediumhelm.sh/helm/v3: Helm Allows A Specially Crafted JSON Schema To Cause A Stack OverflowCVE-2025-32386Mediumhelm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory TerminationCVE-2024-26147Highhelm.sh/helm/v3: Helm's Missing YAML Content Leads To PanicCVE-2024-25620Mediumhelm.sh/helm/v3: Helm dependency management path traversalCVE-2023-25165Mediumhelm.sh/helm/v3: Helm vulnerable to information disclosure via getHostByName Function CVE-2022-23526Mediumhelm.sh/helm/v3: Helm vulnerable to denial of service through schema fileCVE-2022-23525Mediumhelm.sh/helm/v3: Helm vulnerable to denial of service through through repository index fileCVE-2022-23524Mediumhelm.sh/helm/v3: Helm vulnerable to denial of service through string value parsingCVE-2022-36055Mediumhelm.sh/helm/v3: Helm Vulnerable to denial of service through string value parsingCVE-2021-21303Mediumhelm.sh/helm/v3: Improper Neutralization of Special Elements in Output in helm.sh/helm/v3CVE-2020-4053Lowhelm.sh/helm/v3: Plugin archive directory traversal in HelmCVE-2021-32690Mediumhelm.sh/helm/v3: Helm passes repository credentials to alternate domainCVE-2020-7919Highgithub.com/helm/helm: Helm uses crypto package vulnerable to panic from malformed X.509 certificateCVE-2020-11013Highhelm.sh/helm/v3: Lookup function information discolosure in helmCVE-2020-15187Lowhelm.sh/helm/v3: plugin.yaml file allows for duplicate entries in helmCVE-2020-15186Lowhelm.sh/helm/v3: Improper Sanitizing of plugin names in helmCVE-2020-15185Lowhelm.sh/helm/v3: Repository index file allows for duplicates of the same chart entry in helmCVE-2020-15184Lowhelm.sh/helm/v3: Aliases are never checked in helm

Stop the waste.
Protect your environment with Kodem.