pkg:Go/helm.sh/helm/v4

3 total CVEsHIGH2

✅ Check your installed version

All known vulnerabilities

  • HIGH8.6CVE-2026-35204Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory
    >= 4.0.0, < 4.1.4
  • HIGH7.8CVE-2026-35205Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install
    >= 4.0.0, < 4.1.4
  • CVE-2026-35206Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
    from 0, < 4.1.4