helpy.io CVE Vulnerabilities & Metrics

Focus on helpy.io vulnerabilities and metrics.

Last updated: 12 May 2026, 22:25 UTC

About helpy.io Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with helpy.io. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total helpy.io CVEs: 6
Earliest CVE date: 18 Jun 2019, 14:15 UTC
Latest CVE date: 29 Apr 2026, 16:16 UTC

Latest CVE reference: CVE-2026-40230

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical helpy.io CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.8

Max CVSS: 6.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 4
4.0-6.9 2
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS helpy.io CVEs

These are the five CVEs with the highest CVSS scores for helpy.io, sorted by severity first and recency.

All CVEs for helpy.io

CVE-2026-40230 helpy.io vulnerability CVSS: 0 29 Apr 2026, 16:16 UTC

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0.

CVE-2026-40229 helpy.io vulnerability CVSS: 0 29 Apr 2026, 16:16 UTC

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML notification emails sent to other users.This issue affects helpy: 2.8.0.

CVE-2025-52184 helpy.io vulnerability CVSS: 0 26 Aug 2025, 17:15 UTC

Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion.

CVE-2023-0357 helpy.io vulnerability CVSS: 0 04 Apr 2023, 23:15 UTC

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.

CVE-2018-20851 helpy.io vulnerability CVSS: 6.5 10 Jul 2019, 14:15 UTC

Helpy before 2.2.0 allows agents to edit admins.

CVE-2018-18886 helpy.io vulnerability CVSS: 4.3 18 Jun 2019, 14:15 UTC

Helpy v2.1.0 has Stored XSS via the Ticket title.