pkg:Go/helm.sh/helm/v3

38 total CVEsHIGH6MEDIUM26LOW5

✅ Check your installed version

All known vulnerabilities

HIGH8.5CVE-2025-53547Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm
>= 3.18.0-rc.1, < 3.18.4
HIGH8.5CVE-2025-53547Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm
from 0, < 3.18.4
HIGH8.5CVE-2020-11013Lookup function information discolosure in helm
>= 3.0.0, < 3.1.3
HIGH7.5CVE-2024-26147Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3
from 0, < 3.14.2
HIGH7.5CVE-2024-26147Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3
from 0, < 3.14.2
HIGH7.5CVE-2020-7919Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte
>= 3.0.0, < 3.1.0
MEDIUM6.8CVE-2021-32690Helm passes repository credentials to alternate domain
from 0, < 3.6.1
MEDIUM6.8CVE-2021-32690Helm passes repository credentials to alternate domain
from 0, < 3.6.1
MEDIUM6.8CVE-2021-32690Helm passes repository credentials to alternate domain
from 0, < 3.6.1
MEDIUM6.5CVE-2025-55198Helm May Panic Due To Incorrect YAML Content
from 0, < 3.18.5
MEDIUM6.5CVE-2025-55198Helm May Panic Due To Incorrect YAML Content
from 0, < 3.18.5
MEDIUM6.5CVE-2025-55199Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm
from 0, < 3.18.5
MEDIUM6.5CVE-2025-55199Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm
from 0, < 3.18.5
MEDIUM6.5CVE-2025-32387Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow in helm.sh/helm
from 0, < 3.17.3
MEDIUM6.5CVE-2025-32387Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow in helm.sh/helm
from 0, < 3.17.3
MEDIUM6.5CVE-2025-32386Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
from 0, < 3.17.3
MEDIUM6.5CVE-2025-32386Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
from 0, < 3.17.3
MEDIUM6.5CVE-2019-25210Withdrawn Advisory: Helm shows secrets in clear text
>= 3.0.0, <= 3.14.2
MEDIUM6.5CVE-2022-36055Denial of service through string value parsing in helm.sh/helm/v3
from 0, < 3.9.4
MEDIUM6.5CVE-2022-36055Denial of service through string value parsing in helm.sh/helm/v3
from 0, < 3.9.4
MEDIUM6.5CVE-2021-21303Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
>= 3.0.0, < 3.5.2
MEDIUM6.5CVE-2021-21303Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
>= 3.0.0, < 3.5.2
MEDIUM6.4CVE-2024-25620Path traversal in helm.sh/helm/v3
from 0, < 3.14.1
MEDIUM6.4CVE-2024-25620Path traversal in helm.sh/helm/v3
from 0, < 3.14.1
MEDIUM5.3CVE-2022-23526Denial of service via schema file in helm.sh/helm/v3
from 0, < 3.10.3
MEDIUM5.3CVE-2022-23526Denial of service via schema file in helm.sh/helm/v3
from 0, < 3.10.3
MEDIUM5.3CVE-2022-23525Denial of service via repository index file in helm.sh/helm/v3
from 0, < 3.10.3
MEDIUM5.3CVE-2022-23525Denial of service via repository index file in helm.sh/helm/v3
from 0, < 3.10.3
MEDIUM5.3CVE-2022-23524Denial of service in string value parsing in helm.sh/helm/v3
from 0, < 3.10.3
MEDIUM5.3CVE-2022-23524Denial of service in string value parsing in helm.sh/helm/v3
from 0, < 3.10.3
MEDIUM4.3CVE-2023-25165Helm vulnerable to information disclosure via getHostByName Function
>= 3.0.0, < 3.11.1
MEDIUM4.3CVE-2023-25165Helm vulnerable to information disclosure via getHostByName Function
from 0, < 3.11.1
LOW3.7CVE-2020-4053Plugin archive directory traversal in Helm
>= 3.0.0, < 3.2.4
LOW3.7CVE-2020-15184Aliases are never checked in helm
>= 3.0.0, < 3.3.2
LOW3.4CVE-2020-15186Improper Sanitizing of plugin names in helm
>= 3.0.0, < 3.3.2
LOW3.0CVE-2020-15187plugin.yaml file allows for duplicate entries in helm
>= 3.0.0, < 3.3.2
LOW2.2CVE-2020-15185Repository index file allows for duplicates of the same chart entry in helm
>= 3.0.0, < 3.3.2
—CVE-2026-35206Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
from 0, < 3.20.2