Every CVE whose affected-product data names Haxx Curl, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (160)
CVE-2017-8818 — CVSS 9.8 (critical): curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application…
CVE-2017-8817 — CVSS 9.8 (critical): The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and…
CVE-2017-8816 — CVSS 9.8 (critical): The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service…
CVE-2026-8925 — CVSS 9.8 (critical): The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in…
CVE-2026-11856 — CVSS 9.8 (critical): Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin…
CVE-2026-10536 — CVSS 9.8 (critical): A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS…
CVE-2026-9079 — CVSS 9.8 (critical): libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials…
CVE-2022-32221 — CVSS 9.8 (critical): When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when…
CVE-2022-32207 — CVSS 9.8 (critical): When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a…
CVE-2016-4606 — CVSS 9.8 (critical): Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain…
CVE-2018-16840 — CVSS 9.8 (critical): A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When…
CVE-2018-1000300 — CVSS 9.8 (critical): curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and…
CVE-2018-1000120 — CVSS 9.8 (critical): A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of…
CVE-2018-1000007 — CVSS 9.8 (critical): libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP…
CVE-2018-0500 — CVSS 9.8 (critical): Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable…
CVE-2016-9953 — CVSS 9.8 (critical): The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS…
CVE-2017-2628 — CVSS 9.8 (critical): curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it…
CVE-2018-1000122 — CVSS 9.1 (critical): A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a…
CVE-2018-1000301 — CVSS 9.1 (critical): curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can…
CVE-2026-8927 — CVSS 9.1 (critical): When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy…
CVE-2026-8926 — CVSS 9.1 (critical): When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like…
CVE-2026-8924 — CVSS 9.1 (critical): A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check…
CVE-2023-23914 — CVSS 9.1 (critical): A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when…
CVE-2026-11564 — CVSS 9.1 (critical): libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy…
CVE-2015-3144 — CVSS 9.0 (critical): The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to…
CVE-2023-27534 — CVSS 8.8 (high): A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as…
CVE-2005-0490 — CVSS 8.8 (high): Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to…
CVE-2023-27533 — CVSS 8.8 (high): A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on…
CVE-2024-2398 — CVSS 8.6 (high): When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the…
CVE-2022-42915 — CVSS 8.1 (high): curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection…
CVE-2022-27778 — CVSS 8.1 (high): A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with…
CVE-2022-22576 — CVSS 8.1 (high): An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated…
CVE-2026-8286 — CVSS 8.1 (high): A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even…
CVE-2021-22901 — CVSS 8.1 (high): curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session…
CVE-2016-9952 — CVSS 8.1 (high): The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS…
CVE-2016-4802 — CVSS 7.8 (high): Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local…
CVE-2019-5443 — CVSS 7.8 (high): A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <=…
CVE-2020-8177 — CVSS 7.8 (high): curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a…
CVE-2013-0249 — CVSS 7.5 (high): Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through…
CVE-2015-3145 — CVSS 7.5 (high): The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote…
CVE-2018-1000121 — CVSS 7.5 (high): A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of…
CVE-2020-8169 — CVSS 7.5 (high): curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over…
CVE-2021-22926 — CVSS 7.5 (high): libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT`…
CVE-2021-22946 — CVSS 7.5 (high): A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server…
CVE-2022-27775 — CVSS 7.5 (high): An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the…
CVE-2022-27780 — CVSS 7.5 (high): The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a…
CVE-2022-27781 — CVSS 7.5 (high): libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate…
CVE-2022-27782 — CVSS 7.5 (high): libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited…
CVE-2022-42916 — CVSS 7.5 (high): In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed…
CVE-2022-43551 — CVSS 7.5 (high): A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can…
CVE-2023-28319 — CVSS 7.5 (high): A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA…
CVE-2023-38039 — CVSS 7.5 (high): When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API…
CVE-2025-5399 — CVSS 7.5 (high): Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in…
CVE-2025-9086 — CVSS 7.5 (high): 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target`…
CVE-2026-11352 — CVSS 7.5 (high): An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or…
CVE-2026-11586 — CVSS 7.5 (high): By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged…
CVE-2026-12064 — CVSS 7.5 (high): When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer…
CVE-2026-3805 — CVSS 7.5 (high): When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
CVE-2026-5773 — CVSS 7.5 (high): libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that…
CVE-2026-6276 — CVSS 7.5 (high): Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy…
CVE-2026-8932 — CVSS 7.5 (high): libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited…
CVE-2026-9545 — CVSS 7.5 (high): In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site…
CVE-2026-9546 — CVSS 7.5 (high): A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that…
CVE-2026-9547 — CVSS 7.4 (high): When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may…
CVE-2026-9080 — CVSS 7.3 (high): Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where…
CVE-2016-0755 — CVSS 7.3 (high): The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which…
CVE-2025-0725 — CVSS 7.3 (high): When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option…
CVE-2025-0665 — CVSS 7.0 (high): libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded…
CVE-2013-2174 — CVSS 6.8 (medium): Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote…
CVE-2017-1000101 — CVSS 6.5 (medium): curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence…
CVE-2026-1965 — CVSS 6.5 (medium): libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl…
CVE-2026-5545 — CVSS 6.5 (medium): libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a…
CVE-2022-27776 — CVSS 6.5 (medium): A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP…
CVE-2026-8458 — CVSS 6.5 (medium): libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use…
CVE-2016-8620 — CVSS 6.5 (medium): The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled…
CVE-2025-4947 — CVSS 6.5 (medium): libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the…
CVE-2022-32206 — CVSS 6.5 (medium): curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and…
CVE-2024-2466 — CVSS 6.5 (medium): libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS…
CVE-2023-23915 — CVSS 6.5 (medium): A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave…
CVE-2023-23916 — CVSS 6.5 (medium): An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression…
CVE-2023-46218 — CVSS 6.5 (medium): This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise…
CVE-2026-3784 — CVSS 6.5 (medium): curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials…
CVE-2021-22922 — CVSS 6.5 (medium): When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML…
CVE-2016-9594 — CVSS 6.5 (medium): curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value…
CVE-2022-35260 — CVSS 6.5 (medium): curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no…
CVE-2024-9681 — CVSS 6.5 (medium): When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or…
CVE-2024-8096 — CVSS 6.5 (medium): When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server…
CVE-2015-3237 — CVSS 6.4 (medium): The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from…
CVE-2014-0138 — CVSS 6.4 (medium): The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7)…
CVE-2025-14017 — CVSS 6.3 (medium): When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them…
CVE-2024-2379 — CVSS 6.3 (medium): libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an…
CVE-2023-28321 — CVSS 5.9 (medium): An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as…
CVE-2026-4873 — CVSS 5.9 (medium): A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection…
CVE-2021-22947 — CVSS 5.9 (medium): When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server…
CVE-2026-6253 — CVSS 5.9 (medium): curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1…
CVE-2022-32208 — CVSS 5.9 (medium): When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a…
CVE-2022-43552 — CVSS 5.9 (medium): A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP…
CVE-2023-28320 — CVSS 5.9 (medium): A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names…
CVE-2025-13034 — CVSS 5.9 (medium): When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the…
CVE-2016-9586 — CVSS 5.9 (medium): curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the…
CVE-2014-0139 — CVSS 5.8 (medium): cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in…
CVE-2022-27774 — CVSS 5.7 (medium): An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an…
CVE-2026-7168 — CVSS 5.3 (medium): Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the…
CVE-2022-27779 — CVSS 5.3 (medium): libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to…
CVE-2016-8615 — CVSS 5.3 (medium): A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for…
CVE-2016-8618 — CVSS 5.3 (medium): The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t`…
CVE-2023-46219 — CVSS 5.3 (medium): When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file…
CVE-2026-7009 — CVSS 5.3 (medium): When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server…
CVE-2026-6429 — CVSS 5.3 (medium): When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first…
CVE-2024-0853 — CVSS 5.3 (medium): curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A…
CVE-2016-8619 — CVSS 5.3 (medium): The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
CVE-2021-22923 — CVSS 5.3 (medium): When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file…
CVE-2016-0754 — CVSS 5.3 (medium): cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a…
CVE-2025-10148 — CVSS 5.3 (medium): curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed…
CVE-2016-8621 — CVSS 5.3 (medium): The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit…
CVE-2016-8624 — CVSS 5.3 (medium): curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character…
CVE-2026-3783 — CVSS 5.3 (medium): When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that…
CVE-2025-14524 — CVSS 5.3 (medium): When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses…
CVE-2025-14819 — CVSS 5.3 (medium): When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could…
CVE-2025-15079 — CVSS 5.3 (medium): When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting…
CVE-2016-8625 — CVSS 5.3 (medium): curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and…
CVE-2021-22897 — CVSS 5.3 (medium): curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST…
CVE-2017-9502 — CVSS 5.3 (medium): In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which…
CVE-2021-22925 — CVSS 5.3 (medium): curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send…
CVE-2016-3739 — CVSS 5.3 (medium): The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and…
CVE-2015-3153 — CVSS 5.0 (medium): The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which…
CVE-2015-3143 — CVSS 5.0 (medium): cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users…
CVE-2015-3148 — CVSS 5.0 (medium): cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect…
CVE-2014-3620 — CVSS 5.0 (medium): cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a…
CVE-2015-3236 — CVSS 5.0 (medium): cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset…
CVE-2014-3613 — CVSS 5.0 (medium): cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies…
CVE-2013-1944 — CVSS 5.0 (medium): The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which…
CVE-2025-5025 — CVSS 4.8 (medium): libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when…
CVE-2018-16842 — CVSS 4.4 (medium): Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in…
CVE-2017-2629 — CVSS 4.3 (medium): curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's…
CVE-2013-4545 — CVSS 4.3 (medium): cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification…
CVE-2011-3389 — CVSS 4.3 (medium): The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome…
CVE-2022-30115 — CVSS 4.3 (medium): Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is…
CVE-2022-32205 — CVSS 4.3 (medium): A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A…
CVE-2018-16839 — CVSS 4.3 (medium): Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVE-2025-10966 — CVSS 4.3 (medium): curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification…
CVE-2014-2522 — CVSS 4.0 (medium): curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server…
CVE-2014-0015 — CVSS 4.0 (medium): cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow…
CVE-2020-8284 — CVSS 3.7 (low): A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and…
CVE-2016-8616 — CVSS 3.7 (low): A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and…
CVE-2022-35252 — CVSS 3.7 (low): When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back…
CVE-2019-5435 — CVSS 3.7 (low): An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
CVE-2023-28322 — CVSS 3.7 (low): An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read…
CVE-2024-2004 — CVSS 3.5 (low): When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the…
CVE-2025-0167 — CVSS 3.4 (low): When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to…
CVE-2024-11053 — CVSS 3.4 (low): When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host…
CVE-2016-8623 — CVSS 3.3 (low): A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to…
CVE-2016-8617 — CVSS 3.3 (low): The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at…
CVE-2020-19909 — CVSS 3.3 (low): Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this…
CVE-2025-15224 — CVSS 3.1 (low): When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and…
CVE-2021-22898 — CVSS 3.1 (low): curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in…
CVE-2017-7407 — CVSS 2.4 (low): The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from…