helm.sh/helm/v4
Go | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting helm.sh/helm/v4
- CVE-2026-35204 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 4.1.4 | 2026-04-09
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this,…
- CVE-2026-35205 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 4.1.4 | 2026-04-09
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4.
- CVE-2026-35206 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 4.1.4 | 2026-04-09
Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output director…