pkg:Bitnami/helm

24 total CVEs: HIGH 6, MEDIUM 12, LOW 5

All known vulnerabilities

  • HIGH 8.6 CVE-2026-35204: Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory
    >= 4.0.0, < 4.1.4
  • HIGH 8.5 CVE-2025-53547: Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm
    from 0, < 3.18.4
  • HIGH 8.5 CVE-2020-11013: Lookup function information disclosure in helm
    >= 3.1.0, < 3.2.0
  • HIGH 7.8 CVE-2026-35205: Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install
    >= 4.0.0, < 4.1.4
  • HIGH 7.7 CVE-2022-36049: Helm Controller denial of service
    >= 3.0.0, < 3.9.4
  • HIGH 7.5 CVE-2024-26147: Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3
    from 0, < 3.14.2
  • MEDIUM 6.8 CVE-2021-32690: Helm passes repository credentials to alternate domain
    from 0, < 3.6.1
  • MEDIUM 6.5 CVE-2025-55198: Helm May Panic Due To Incorrect YAML Content
    from 0, < 3.18.5
  • MEDIUM 6.5 CVE-2025-55199: Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm
    from 0, < 3.18.5
  • MEDIUM 6.5 CVE-2025-32387: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow in helm.sh/helm
    from 0, < 3.17.3
  • MEDIUM 6.5 CVE-2025-32386: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
    from 0, < 3.17.3
  • MEDIUM 6.5 CVE-2022-36055: Denial of service through string value parsing in helm.sh/helm/v3
    >= 3.0.0, < 3.9.4
  • MEDIUM 6.5 CVE-2021-21303: Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
    >= 3.0.0, < 3.5.2
  • MEDIUM 6.4 CVE-2024-25620: Path traversal in helm.sh/helm/v3
    from 0, < 3.14.1
  • MEDIUM 5.3 CVE-2022-23526: Denial of service via schema file in helm.sh/helm/v3
    >= 3.0.0, < 3.10.3
  • MEDIUM 5.3 CVE-2022-23525: Denial of service via repository index file in helm.sh/helm/v3
    >= 3.0.0, < 3.10.3
  • MEDIUM 5.3 CVE-2022-23524: Denial of service in string value parsing in helm.sh/helm/v3
    >= 3.0.0, < 3.10.3
  • MEDIUM 4.3 CVE-2023-25165: Helm vulnerable to information disclosure via getHostByName Function
    >= 3.0.0, < 3.11.1
  • LOW 3.7 CVE-2020-4053: Plugin archive directory traversal in Helm
    >= 3.0.0, < 3.2.4
  • LOW 3.7 CVE-2020-15184: Aliases are never checked in helm
    >= 2.0.0, < 2.16.11; >= 3.0.0, < 3.3.2
  • LOW 3.4 CVE-2020-15186: Improper Sanitizing of plugin names in helm
    >= 2.0.0, < 2.16.11; >= 3.0.0, < 3.3.2
  • LOW 3.0 CVE-2020-15187: plugin.yaml file allows for duplicate entries in helm
    >= 2.0.0, < 2.16.11; >= 3.0.0, < 3.3.2
  • LOW 2.2 CVE-2020-15185: Repository index file allows for duplicates of the same chart entry in helm
    >= 2.0.0, < 2.16.11; >= 3.0.0, < 3.3.2
  • CVE-2026-35206: Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
    from 0, < 3.20.2; >= 4.0.0, < 4.1.4