helm.sh/helm/v3 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package helm.sh/helm/v3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (24)
CVE-2020-11013 — CVSS 8.5 (high): Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function…
CVE-2025-53547 — CVSS 8.5 (high): Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked…
CVE-2022-36049 — CVSS 7.7 (high): Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator…
CVE-2020-7919 — CVSS 7.5 (high): Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows…
CVE-2024-26147 — CVSS 7.5 (high): Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm…
CVE-2021-32690 — CVSS 6.8 (medium): Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability…
CVE-2025-32386 — CVSS 6.5 (medium): Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger…
CVE-2022-36055 — CVSS 6.5 (medium): Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF…
CVE-2025-32387 — CVSS 6.5 (medium): Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of…
CVE-2025-55199 — CVSS 6.5 (medium): Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which…
CVE-2019-25210 — CVSS 6.5 (medium): An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run…
CVE-2025-55198 — CVSS 6.5 (medium): Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper…
CVE-2024-25620 — CVSS 6.4 (medium): Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used…
CVE-2021-21303 — CVSS 5.9 (medium): Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages…
CVE-2022-23526 — CVSS 5.3 (medium): Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference…
CVE-2022-23524 — CVSS 5.3 (medium): Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource…
CVE-2022-23525 — CVSS 5.3 (medium): Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference…
CVE-2026-35206 — CVSS 4.4 (medium): Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull…
CVE-2023-25165 — CVSS 4.3 (medium): Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in…
CVE-2020-15184 — CVSS 3.7 (low): In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could…
CVE-2020-4053 — CVSS 3.7 (low): In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar…
CVE-2020-15186 — CVSS 3.4 (low): In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use…
CVE-2020-15187 — CVSS 3.0 (low): In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a…
CVE-2020-15185 — CVSS 2.2 (low): In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a…