| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35206 | Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment | helm | helm | - | - | 2026-04-09 21:02:14 | Deep Dive |
| CVE-2026-35205 | Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install | helm | helm | - | - | 2026-04-09 15:06:41 | Deep Dive |
| CVE-2026-35204 | Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory | helm | helm | - | - | 2026-04-09 15:03:29 | Deep Dive |
| CVE-2026-25750 | LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl | langchain-ai | helm | - | - | 2026-03-04 21:58:59 | Deep Dive |
| CVE-2026-24044 | ESS Community Helm Chart has a weak server key generation method | element-hq | ess-helm | - | - | 2026-02-12 19:06:13 | Deep Dive |
| CVE-2025-55198 | Helm May Panic Due To Incorrect YAML Content | helm | helm | Medium | 6.5 | 2025-08-13 23:23:57 | Deep Dive |
| CVE-2025-55199 | Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion | helm | helm | Medium | 6.5 | 2025-08-13 23:23:43 | Deep Dive |
| CVE-2025-54064 | rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles | rucio | helm-charts | - | - | 2025-07-17 14:41:00 | Deep Dive |
| CVE-2025-53547 | Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution | helm | helm | High | 8.5 | 2025-07-08 21:39:59 | Deep Dive |
| CVE-2025-32386 | Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination | helm | helm | Medium | 6.5 | 2025-04-09 22:28:44 | Deep Dive |
| CVE-2025-32387 | Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow | helm | helm | Medium | 6.5 | 2025-04-09 22:28:33 | Deep Dive |
| CVE-2024-52814 | Helm Lacks Granularity in Workflow Role | argoproj | argo-helm | Low | 2.8 | 2024-11-22 15:53:06 | Deep Dive |
| CVE-2024-52799 | Argo Workflows Chart: Excessive Privileges in Workflow Role | argoproj | argo-helm | High | 8.2 | 2024-11-21 17:02:02 | Deep Dive |
| CVE-2024-29037 | Default secret use for initial deployment | acryldata | datahub-helm | Critical | 9.1 | 2024-03-20 20:42:19 | Deep Dive |
| CVE-2024-26147 | Helm's Missing YAML Content Leads To Panic | helm | helm | High | 7.5 | 2024-02-21 22:21:43 | Deep Dive |
| CVE-2024-25620 | Dependency management path traversal in helm | helm | helm | Medium | 6.4 | 2024-02-14 23:24:58 | Deep Dive |
| CVE-2023-25165 | getHostByName Function Information Disclosure | helm | helm | Medium | 4.3 | 2023-02-08 19:07:14 | Deep Dive |
| CVE-2022-23526 | Helm contains Denial of service through schema file | helm | helm | Medium | 5.3 | 2022-12-15 00:43:40 | Deep Dive |
| CVE-2022-23525 | Helm vulnerable to Denial of service via NULL Pointer Dereference | helm | helm | Medium | 5.3 | 2022-12-15 00:38:10 | Deep Dive |
| CVE-2022-23524 | Helm vulnerable to Denial of service through string value parsing | helm | helm | Medium | 5.3 | 2022-12-15 00:28:35 | Deep Dive |