Helm
This hub aggregates every CVE we track for Helm, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 30
- Critical: 2
- High: 7
- In CISA KEV: 0
Severity distribution
- Medium: 16
- High: 7
- Low: 5
- Critical: 2
Monthly trend
[Chart: monthly trend, 2024-08 to 2026-07]
Latest CVEs
The 15 most recently published vulnerabilities affecting Helm.
- CVE-2026-35206: Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment (score: 4.4)
- CVE-2026-35205: Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install (score: 7.8)
- CVE-2026-35204: Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory (score: 8.6)
- CVE-2025-55198: Helm May Panic Due To Incorrect YAML Content (score: 6.5)
- CVE-2025-55199: Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion (score: 6.5)
- CVE-2025-53547: Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution (score: 8.5)
- CVE-2025-32386: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination (score: 6.5)
- CVE-2025-32387: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow (score: 6.5)
- CVE-2019-25210: An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases,... (score: 6.5)
- CVE-2024-26147: Helm's Missing YAML Content Leads To Panic (score: 7.5)
- CVE-2024-25620: Dependency management path traversal in helm (score: 6.4)
- CVE-2023-45284: Incorrect detection of reserved device names on Windows in path/filepath (score: 5.3)
- CVE-2023-45283: Insecure parsing of Windows paths with a \??\ prefix in path/filepath (score: 7.5)
- CVE-2023-25165: getHostByName Function Information Disclosure (score: 4.3)
- CVE-2022-23526: Helm contains Denial of service through schema file (score: 5.3)
Product normalization is registry-driven with AI assist and human review.