pkg:Go/helm.sh/helm/v4
3 total CVEsHIGH2
✅ Check your installed version
All known vulnerabilities
HIGH8.6CVE-2026-35204Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory >= 4.0.0, < 4.1.4
HIGH7.8CVE-2026-35205Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install >= 4.0.0, < 4.1.4
—CVE-2026-35206Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment from 0, < 4.1.4