rpm package
suse/helm&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7
pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35206 | Med | 4.4 | < 3.20.2-150000.1.71.2 | 3.20.2-150000.1.71.2 | Apr 9, 2026 | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working di | |
| CVE-2025-58190 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Feb 5, 2026 | The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. | ||
| CVE-2025-47911 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Feb 5, 2026 | The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. | ||
| CVE-2025-55199 | — | < 3.20.2-150000.1.71.2 | 3.20.2-150000.1.71.2 | Aug 13, 2025 | Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A work | ||
| CVE-2025-53547 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Jul 8, 2025 | Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lo | ||
| CVE-2025-22872 | Med | 6.5 | < 3.18.3-150000.1.50.1 | 3.18.3-150000.1.50.1 | Apr 16, 2025 | The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul |
- affected < 3.20.2-150000.1.71.2fixed 3.20.2-150000.1.71.2
Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working di
- CVE-2025-58190Feb 5, 2026affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- CVE-2025-47911Feb 5, 2026affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- CVE-2025-55199Aug 13, 2025affected < 3.20.2-150000.1.71.2fixed 3.20.2-150000.1.71.2
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A work
- CVE-2025-53547Jul 8, 2025affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lo
- affected < 3.18.3-150000.1.50.1fixed 3.18.3-150000.1.50.1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul