Helm
Helm is the Kubernetes package manager for charts and releases. NVD tracks it as helm:helm with semver-style versions.
api usage
Querying Helm
product slug: helm
version format: 3.9.0, 3.14.0

```bash
curl "https://api.attestd.io/v1/check?product=helm&version=3.9.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Helm 3.9.0 is affected by CVE-2022-23524 (ReDoS via malformed chart string handling).

```json
{
  "product": "helm",
  "version": "3.9.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["denial_of_service", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "3.14.2",
  "confidence": 0.82,
  "cve_ids": ["CVE-2022-23524"],
  "last_updated": "2026-04-25T00:00:00Z"
}
```

safe version
3.14.0 is used as a patched-line example; verify against the live API after NVD cycles.

```bash
curl "https://api.attestd.io/v1/check?product=helm&version=3.18.5" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2022-23524 | ReDoS via crafted chart data in string handling. | 3.x before 3.10.3 | 7.5 |
| CVE-2022-23525 | ReDoS on nil map access in chart processing. | 3.x | 7.5 |
| CVE-2022-23526 | ReDoS in template dependency resolution. | 3.x | 7.5 |
| CVE-2021-32690 | Repository credentials leaked to chart dependencies. | 3.x | 7.4 |
| CVE-2019-18658 | Command injection during plugin install path. | 2.x | 9.8 |
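
The response fields shown under Querying Helm can drive a deploy gate for a pinned Helm binary. The following is an added example, not attestd's own code: the `gate` policy, the 0.5 confidence threshold, the decision names, and the reading of `supported` as "this version is covered by the data set" are assumptions.

```python
import json
import os
import urllib.parse
import urllib.request

API = "https://api.attestd.io/v1/check"  # endpoint from the curl examples on this page

# Response for helm 3.9.0 copied from this page; fields the gate ignores are omitted.
SAMPLE = json.loads("""{"product": "helm", "version": "3.9.0", "supported": true,
 "risk_state": "high", "actively_exploited": false, "patch_available": true,
 "fixed_version": "3.14.2", "confidence": 0.82, "cve_ids": ["CVE-2022-23524"]}""")


def fetch(product, version, key=None):
    """Same request as the curl example: GET with a Bearer token."""
    key = key or os.environ["ATTESTD_KEY"]
    query = urllib.parse.urlencode({"product": product, "version": version})
    req = urllib.request.Request(f"{API}?{query}",
                                 headers={"Authorization": f"Bearer {key}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def parse_version(text):
    """'v3.14.2' -> (3, 14, 2). Pre-release/build suffixes are dropped."""
    core = text.lstrip("v").split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def gate(resp, min_confidence=0.5):
    """Return (decision, reason); decision is 'allow', 'review' or 'block'."""
    if not resp.get("supported"):  # assumed meaning: version not in the data set
        return "review", "version not covered; do not treat as clean"
    cves = resp.get("cve_ids") or []
    if not cves:
        return "allow", "no CVEs reported"
    if resp.get("actively_exploited"):
        return "block", "actively exploited: " + ", ".join(cves)
    if resp.get("confidence", 0.0) < min_confidence:
        return "review", "low-confidence match: " + ", ".join(cves)
    fixed = resp.get("fixed_version")
    if resp.get("patch_available") and fixed:
        # Compare as integer tuples: as strings, "3.9.0" sorts after "3.14.2".
        if parse_version(resp["version"]) < parse_version(fixed):
            return "block", f"upgrade to >= {fixed}: " + ", ".join(cves)
        return "review", f"CVEs listed although version >= {fixed}"
    return "review", "no fix published: " + ", ".join(cves)
```

In a pipeline, call `gate(fetch("helm", version))` and fail the job on `block`; `gate(SAMPLE)` returns `("block", "upgrade to >= 3.14.2: CVE-2022-23524")`.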