[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-15185":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":398,"aliases":399,"duplicate_of":9,"upstream":402,"downstream":403,"duplicates":406,"related":407,"reserved_at":9,"published_at":409,"modified_at":410,"state":411,"summary":412,"references_raw":421,"kevs":446,"epss":447,"epss_history":450,"metrics":708,"affected":726},"CVE-2020-15185","In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.",null,[11,18,26],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],{"_key":19,"id":19,"name":20,"description":21,"type":22,"status":23,"abstraction":24,"likelihood_of_exploit":9,"capec":25},"CWE-694","Use of Multiple Resources with Duplicate Identifier","The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.","weakness","Incomplete","Base",[],{"_key":27,"id":27,"name":28,"description":29,"type":22,"status":23,"abstraction":30,"likelihood_of_exploit":31,"capec":32},"CWE-74","Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.","Class","High",[33,37,41,45,49,53,237,241,245,249,253,294,298,302,306,310,314,318,322,326,330,334,338,342,346,350,354,358,362,366,370,374,378,382,386,390,394],{"id":34,"name":35,"techniques":36},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":38,"name":39,"techniques":40},"CAPEC-101","Server Side Include (SSI) Injection",[],{"id":42,"name":43,"techniques":44},"CAPEC-105","HTTP Request Splitting",[],{"id":46,"name":47,"techniques":48},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":50,"name":51,"techniques":52},"CAPEC-120","Double Encoding",[],{"id":54,"name":55,"techniques":56},"CAPEC-13","Subverting Environment Variable Values",[57,155,197],{"id":58,"name":59,"tactics":60,"countermeasures":67},"T1562.003","Impair Command History Logging",[61,64],{"id":62,"name":63},"TA0030","Defense Evasion",{"id":65,"name":66},"TA0005","Stealth",[68,73,78,82,86,90,95,99,104,109,113,117,122,126,131,135,139,143,147,151],{"id":69,"name":70,"tactic":71},"D3-CI","Configuration Inventory",{"name":72},"Model",{"id":74,"name":75,"tactic":76},"D3-FA","File Analysis",{"name":77},"Detect",{"id":79,"name":80,"tactic":81},"D3-FIM","File Integrity Monitoring",{"name":77},{"id":83,"name":84,"tactic":85},"D3-DA","Dynamic Analysis",{"name":77},{"id":87,"name":88,"tactic":89},"D3-EFA","Emulated File Analysis",{"name":77},{"id":91,"name":92,"tactic":93},"D3-FEV","File Eviction",{"name":94},"Evict",{"id":96,"name":97,"tactic":98},"D3-RKD","Registry Key Deletion",{"name":94},{"id":100,"name":101,"tactic":102},"D3-DF","Decoy File",{"name":103},"Deceive",{"id":105,"name":106,"tactic":107},"D3-DRA","Disable Remote Access",{"name":108},"Harden",{"id":110,"name":111,"tactic":112},"D3-ACH","Application Configuration Hardening",{"name":108},{"id":114,"name":115,"tactic":116},"D3-FE","File Encryption",{"name":108},{"id":118,"name":119,"tactic":120},"D3-RC","Restore Configuration",{"name":121},"Restore",{"id":123,"name":124,"tactic":125},"D3-RF","Restore File",{"name":121},{"id":127,"name":128,"tactic":129},"D3-CQ","Content Quarantine",{"name":130},"Isolate",{"id":132,"name":133,"tactic":134},"D3-CF","Content Filtering",{"name":130},{"id":136,"name":137,"tactic":138},"D3-LFP","Local File Permissions",{"name":130},{"id":140,"name":141,"tactic":142},"D3-RFAM","Remote File Access Mediation",{"name":130},{"id":144,"name":145,"tactic":146},"D3-CM","Content Modification",{"name":130},{"id":148,"name":149,"tactic":150},"D3-EAL","Executable Allowlisting",{"name":130},{"id":152,"name":153,"tactic":154},"D3-EDL","Executable Denylisting",{"name":130},{"id":156,"name":157,"tactics":158,"countermeasures":170},"T1574.006","Dynamic Linker Hijacking",[159,162,165,166,167],{"id":160,"name":161},"TA0110","Persistence",{"id":163,"name":164},"TA0111","Privilege Escalation",{"id":62,"name":63},{"id":65,"name":66},{"id":168,"name":169},"TA0104","Execution",[171,175,177,179,181,183,185,187,189,191,193,195],{"id":172,"name":173,"tactic":174},"D3-SFA","System File Analysis",{"name":77},{"id":74,"name":75,"tactic":176},{"name":77},{"id":79,"name":80,"tactic":178},{"name":77},{"id":91,"name":92,"tactic":180},{"name":94},{"id":100,"name":101,"tactic":182},{"name":103},{"id":114,"name":115,"tactic":184},{"name":108},{"id":123,"name":124,"tactic":186},{"name":121},{"id":132,"name":133,"tactic":188},{"name":130},{"id":136,"name":137,"tactic":190},{"name":130},{"id":140,"name":141,"tactic":192},{"name":130},{"id":127,"name":128,"tactic":194},{"name":130},{"id":144,"name":145,"tactic":196},{"name":130},{"id":198,"name":199,"tactics":200,"countermeasures":206},"T1574.007","Path Interception by PATH Environment Variable",[201,202,203,204,205],{"id":160,"name":161},{"id":163,"name":164},{"id":62,"name":63},{"id":65,"name":66},{"id":168,"name":169},[207,209,211,213,215,217,219,221,223,225,227,229,231,233,235],{"id":74,"name":75,"tactic":208},{"name":77},{"id":79,"name":80,"tactic":210},{"name":77},{"id":83,"name":84,"tactic":212},{"name":77},{"id":87,"name":88,"tactic":214},{"name":77},{"id":91,"name":92,"tactic":216},{"name":94},{"id":100,"name":101,"tactic":218},{"name":103},{"id":114,"name":115,"tactic":220},{"name":108},{"id":123,"name":124,"tactic":222},{"name":121},{"id":132,"name":133,"tactic":224},{"name":130},{"id":136,"name":137,"tactic":226},{"name":130},{"id":140,"name":141,"tactic":228},{"name":130},{"id":127,"name":128,"tactic":230},{"name":130},{"id":144,"name":145,"tactic":232},{"name":130},{"id":148,"name":149,"tactic":234},{"name":130},{"id":152,"name":153,"tactic":236},{"name":130},{"id":238,"name":239,"techniques":240},"CAPEC-135","Format String Injection",[],{"id":242,"name":243,"techniques":244},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":246,"name":247,"techniques":248},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":250,"name":251,"techniques":252},"CAPEC-250","XML Injection",[],{"id":254,"name":255,"techniques":256},"CAPEC-267","Leverage Alternate Encoding",[257],{"id":258,"name":259,"tactics":260,"countermeasures":263},"T1027","Obfuscated Files or Information",[261,262],{"id":62,"name":63},{"id":65,"name":66},[264,266,268,270,272,274,276,278,280,282,284,286,288,290,292],{"id":74,"name":75,"tactic":265},{"name":77},{"id":79,"name":80,"tactic":267},{"name":77},{"id":83,"name":84,"tactic":269},{"name":77},{"id":87,"name":88,"tactic":271},{"name":77},{"id":91,"name":92,"tactic":273},{"name":94},{"id":100,"name":101,"tactic":275},{"name":103},{"id":114,"name":115,"tactic":277},{"name":108},{"id":123,"name":124,"tactic":279},{"name":121},{"id":132,"name":133,"tactic":281},{"name":130},{"id":136,"name":137,"tactic":283},{"name":130},{"id":140,"name":141,"tactic":285},{"name":130},{"id":127,"name":128,"tactic":287},{"name":130},{"id":144,"name":145,"tactic":289},{"name":130},{"id":148,"name":149,"tactic":291},{"name":130},{"id":152,"name":153,"tactic":293},{"name":130},{"id":295,"name":296,"techniques":297},"CAPEC-273","HTTP Response Smuggling",[],{"id":299,"name":300,"techniques":301},"CAPEC-28","Fuzzing",[],{"id":303,"name":304,"techniques":305},"CAPEC-3","Using Leading 'Ghost' Character Sequences to Bypass Input Filters",[],{"id":307,"name":308,"techniques":309},"CAPEC-34","HTTP Response Splitting",[],{"id":311,"name":312,"techniques":313},"CAPEC-42","MIME Conversion",[],{"id":315,"name":316,"techniques":317},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":319,"name":320,"techniques":321},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":323,"name":324,"techniques":325},"CAPEC-46","Overflow Variables and Tags",[],{"id":327,"name":328,"techniques":329},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":331,"name":332,"techniques":333},"CAPEC-51","Poison Web Service Registry",[],{"id":335,"name":336,"techniques":337},"CAPEC-52","Embedding NULL Bytes",[],{"id":339,"name":340,"techniques":341},"CAPEC-53","Postfix, Null Terminate, and Backslash",[],{"id":343,"name":344,"techniques":345},"CAPEC-6","Argument Injection",[],{"id":347,"name":348,"techniques":349},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":351,"name":352,"techniques":353},"CAPEC-67","String Format Overflow in syslog()",[],{"id":355,"name":356,"techniques":357},"CAPEC-7","Blind SQL Injection",[],{"id":359,"name":360,"techniques":361},"CAPEC-71","Using Unicode Encoding to Bypass Validation Logic",[],{"id":363,"name":364,"techniques":365},"CAPEC-72","URL Encoding",[],{"id":367,"name":368,"techniques":369},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":371,"name":372,"techniques":373},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":375,"name":376,"techniques":377},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"id":379,"name":380,"techniques":381},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":383,"name":384,"techniques":385},"CAPEC-80","Using UTF-8 Encoding to Bypass Validation Logic",[],{"id":387,"name":388,"techniques":389},"CAPEC-83","XPath Injection",[],{"id":391,"name":392,"techniques":393},"CAPEC-84","XQuery Injection",[],{"id":395,"name":396,"techniques":397},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[400,401],"GHSA-jm56-5h66-w453","BIT-helm-2020-15185",[],[404],{"_key":405},"SUSE-SU-2020:3760-1",[],[408],{"_key":405},"2020-09-17T21:30:13.000Z","2024-08-04T13:08:22.474Z","Modified",{"cisa_kev":413,"cisa_ransomware":413,"cisa_vendor":9,"epss_severity":414,"epss_score":415,"severity":416,"severity_score":417,"severity_version":418,"severity_source":419,"severity_vector":420,"severity_status":411},false,"low",0.00234,"medium",4,"v2.0","nvd","AV:N/AC:L/Au:S/C:N/I:P/A:N",[422,431,437,442],{"url":423,"sources":424,"tags":427},"https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453",[425,419,426],"cve.org","osv_go",[428,429,430],"X Refsource CONFIRM","Third Party Advisory","WEB",{"url":432,"sources":433,"tags":434},"https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc",[425,419,426],[435,436,429,430],"X Refsource MISC","Patch",{"url":438,"sources":439,"tags":440},"https://nvd.nist.gov/vuln/detail/CVE-2020-15185",[426],[441],"Advisory",{"url":443,"sources":444,"tags":445},"https://github.com/helm/helm/commit/6aab63765f99050b115f0aec3d6350c85e8da946",[426],[430],[],{"date":448,"score":415,"percentile":449},"2026-06-04",0.46367,[451,454,457,460,463,466,469,472,475,477,480,483,486,489,492,495,498,501,503,505,508,511,514,516,519,522,525,528,531,534,537,540,543,545,548,551,554,557,560,563,566,569,572,574,577,580,583,586,589,592,594,596,599,602,605,607,610,613,615,618,621,624,626,629,632,635,638,641,644,647,650,653,656,659,662,665,668,671,674,677,680,683,685,688,691,694,697,700,702,705],{"date":452,"score":415,"percentile":453},"2025-11-04",0.4612,{"date":455,"score":415,"percentile":456},"2025-11-05",0.46105,{"date":458,"score":415,"percentile":459},"2025-11-06",0.46118,{"date":461,"score":415,"percentile":462},"2025-11-07",0.46144,{"date":464,"score":415,"percentile":465},"2025-11-08",0.46142,{"date":467,"score":415,"percentile":468},"2025-11-09",0.46125,{"date":470,"score":415,"percentile":471},"2025-11-10",0.46093,{"date":473,"score":415,"percentile":474},"2025-11-11",0.46112,{"date":476,"score":415,"percentile":462},"2025-11-12",{"date":478,"score":415,"percentile":479},"2025-11-13",0.46151,{"date":481,"score":415,"percentile":482},"2025-11-14",0.46167,{"date":484,"score":415,"percentile":485},"2025-11-15",0.46162,{"date":487,"score":415,"percentile":488},"2025-11-16",0.46148,{"date":490,"score":415,"percentile":491},"2025-11-17",0.46127,{"date":493,"score":415,"percentile":494},"2025-11-18",0.42478,{"date":496,"score":415,"percentile":497},"2025-11-19",0.42489,{"date":499,"score":415,"percentile":500},"2025-11-20",0.42498,{"date":502,"score":415,"percentile":453},"2025-11-21",{"date":504,"score":415,"percentile":459},"2025-11-22",{"date":506,"score":415,"percentile":507},"2025-11-23",0.46092,{"date":509,"score":415,"percentile":510},"2025-11-24",0.46083,{"date":512,"score":415,"percentile":513},"2025-11-25",0.46091,{"date":515,"score":415,"percentile":471},"2025-11-26",{"date":517,"score":415,"percentile":518},"2025-11-27",0.461,{"date":520,"score":415,"percentile":521},"2025-11-28",0.46067,{"date":523,"score":415,"percentile":524},"2025-11-29",0.46049,{"date":526,"score":415,"percentile":527},"2025-11-30",0.46036,{"date":529,"score":415,"percentile":530},"2025-12-01",0.46181,{"date":532,"score":415,"percentile":533},"2025-12-02",0.46196,{"date":535,"score":415,"percentile":536},"2025-12-03",0.46189,{"date":538,"score":415,"percentile":539},"2025-12-04",0.46029,{"date":541,"score":415,"percentile":542},"2025-12-05",0.46052,{"date":544,"score":415,"percentile":524},"2025-12-06",{"date":546,"score":415,"percentile":547},"2025-12-07",0.46033,{"date":549,"score":415,"percentile":550},"2025-12-08",0.46039,{"date":552,"score":415,"percentile":553},"2025-12-09",0.46069,{"date":555,"score":415,"percentile":556},"2025-12-10",0.46133,{"date":558,"score":415,"percentile":559},"2025-12-11",0.46156,{"date":561,"score":415,"percentile":562},"2025-12-12",0.46188,{"date":564,"score":415,"percentile":565},"2025-12-13",0.4617,{"date":567,"score":415,"percentile":568},"2025-12-14",0.46155,{"date":570,"score":415,"percentile":571},"2025-12-15",0.46138,{"date":573,"score":415,"percentile":479},"2025-12-16",{"date":575,"score":415,"percentile":576},"2025-12-17",0.46176,{"date":578,"score":415,"percentile":579},"2025-12-18",0.46221,{"date":581,"score":415,"percentile":582},"2025-12-19",0.46229,{"date":584,"score":415,"percentile":585},"2025-12-20",0.46202,{"date":587,"score":415,"percentile":588},"2025-12-21",0.46173,{"date":590,"score":415,"percentile":591},"2025-12-22",0.4615,{"date":593,"score":415,"percentile":591},"2025-12-23",{"date":595,"score":415,"percentile":485},"2025-12-24",{"date":597,"score":415,"percentile":598},"2025-12-25",0.46209,{"date":600,"score":415,"percentile":601},"2025-12-26",0.46194,{"date":603,"score":415,"percentile":604},"2025-12-27",0.46218,{"date":606,"score":415,"percentile":468},"2025-12-28",{"date":608,"score":415,"percentile":609},"2025-12-29",0.46106,{"date":611,"score":415,"percentile":612},"2025-12-30",0.46102,{"date":614,"score":415,"percentile":462},"2025-12-31",{"date":616,"score":415,"percentile":617},"2026-01-01",0.46301,{"date":619,"score":415,"percentile":620},"2026-01-02",0.46277,{"date":622,"score":415,"percentile":623},"2026-01-03",0.46262,{"date":625,"score":415,"percentile":510},"2026-01-04",{"date":627,"score":415,"percentile":628},"2026-01-05",0.46064,{"date":630,"score":415,"percentile":631},"2026-01-06",0.46068,{"date":633,"score":415,"percentile":634},"2026-01-07",0.46086,{"date":636,"score":415,"percentile":637},"2026-01-08",0.46111,{"date":639,"score":415,"percentile":640},"2026-01-09",0.46082,{"date":642,"score":415,"percentile":643},"2026-01-10",0.46076,{"date":645,"score":415,"percentile":646},"2026-01-11",0.46054,{"date":648,"score":415,"percentile":649},"2026-01-12",0.4601,{"date":651,"score":415,"percentile":652},"2026-01-13",0.45979,{"date":654,"score":415,"percentile":655},"2026-01-14",0.4603,{"date":657,"score":415,"percentile":658},"2026-01-15",0.46023,{"date":660,"score":415,"percentile":661},"2026-01-16",0.46046,{"date":663,"score":415,"percentile":664},"2026-01-17",0.46024,{"date":666,"score":415,"percentile":667},"2026-01-18",0.45996,{"date":669,"score":415,"percentile":670},"2026-01-19",0.45966,{"date":672,"score":415,"percentile":673},"2026-01-20",0.45965,{"date":675,"score":415,"percentile":676},"2026-01-21",0.45969,{"date":678,"score":415,"percentile":679},"2026-01-22",0.45971,{"date":681,"score":415,"percentile":682},"2026-01-23",0.46022,{"date":684,"score":415,"percentile":655},"2026-01-24",{"date":686,"score":415,"percentile":687},"2026-01-25",0.45977,{"date":689,"score":415,"percentile":690},"2026-01-26",0.45943,{"date":692,"score":415,"percentile":693},"2026-01-27",0.45948,{"date":695,"score":415,"percentile":696},"2026-01-28",0.45956,{"date":698,"score":415,"percentile":699},"2026-01-29",0.45945,{"date":701,"score":415,"percentile":696},"2026-01-30",{"date":703,"score":415,"percentile":704},"2026-01-31",0.45964,{"date":706,"score":415,"percentile":707},"2026-02-01",0.46097,[709,716,724],{"source":425,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":710,"cvss_v4_0":9},{"baseScore":711,"baseSeverity":712,"vectorString":713,"impactScore":714,"exploitabilityScore":715},2.2,"LOW","CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",2.3,1.8,{"source":419,"cvss_v2_0":717,"cvss_v3_0":9,"cvss_v3_1":720,"cvss_v4_0":9},{"baseScore":417,"baseSeverity":9,"vectorString":420,"impactScore":718,"exploitabilityScore":719},2.9,8,{"baseScore":721,"baseSeverity":712,"vectorString":722,"impactScore":714,"exploitabilityScore":723},2.7,"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",3.1,{"source":426,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":725,"cvss_v4_0":9},{"baseScore":711,"baseSeverity":9,"vectorString":713,"impactScore":714,"exploitabilityScore":715},[727,740,749],{"ecosystem":728,"name":729,"vendor":730,"product":731,"cpe_part":9,"purl_type":732,"purl_namespace":730,"purl_name":731,"source":9,"versions":733},"Go","helm.sh/helm","helm.sh","helm","golang",[734],{"version":735,"is_range":736,"range_type":737,"version_start":9,"version_start_type":9,"version_end":738,"version_end_type":739,"fixed_in":9},"lt2_16_11",true,"semver","2.16.11","excluding",{"ecosystem":728,"name":741,"vendor":729,"product":742,"cpe_part":9,"purl_type":732,"purl_namespace":729,"purl_name":742,"source":9,"versions":743},"helm.sh/helm/v3","v3",[744],{"version":745,"is_range":736,"range_type":737,"version_start":746,"version_start_type":747,"version_end":748,"version_end_type":739,"fixed_in":9},"gte3_0_0_lt3_3_2","3.0.0","including","3.3.2",{"ecosystem":9,"name":731,"vendor":731,"product":731,"cpe_part":750,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":751},"a",[752,756],{"version":753,"is_range":736,"range_type":754,"version_start":755,"version_start_type":747,"version_end":738,"version_end_type":739,"fixed_in":9},">= 2.0.0, \u003C 2.16.11","cpe","2.0.0",{"version":757,"is_range":736,"range_type":754,"version_start":746,"version_start_type":747,"version_end":748,"version_end_type":739,"fixed_in":9},">= 3.0.0, \u003C 3.3.2"]