Search for packages
| purl | pkg:generic/curl.se/curl@8.6.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-176a-agbw-hqdy
Aliases: CVE-2025-5025 |
curl: libcurl: QUIC Certificate Pinning Bypass |
Affected by 14 other vulnerabilities. |
|
VCID-2cx5-1qnw-uufj
Aliases: CVE-2026-1965 |
curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication |
Affected by 0 other vulnerabilities. |
|
VCID-2szj-xvgq-pkfr
Aliases: CVE-2024-2379 |
curl: QUIC certificate check bypass with wolfSSL |
Affected by 17 other vulnerabilities. |
|
VCID-2vwu-y316-gbb2
Aliases: CVE-2024-2466 |
Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
Affected by 17 other vulnerabilities. |
|
VCID-5xp7-mcsa-uqd4
Aliases: CVE-2025-14819 |
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. |
Affected by 4 other vulnerabilities. |
|
VCID-6we4-n888-6qhe
Aliases: CVE-2025-0725 |
libcurl: Buffer Overflow in libcurl via zlib Integer Overflow |
Affected by 13 other vulnerabilities. |
|
VCID-75nw-4e2d-zqgg
Aliases: CVE-2024-7264 |
curl: libcurl: ASN.1 date parser overread |
Affected by 17 other vulnerabilities. |
|
VCID-8m6a-ej6a-g3df
Aliases: CVE-2024-6197 |
curl: freeing stack buffer in utf8asn1str |
Affected by 18 other vulnerabilities. |
|
VCID-8zks-th64-33b8
Aliases: CVE-2026-3784 |
curl: curl: Unauthorized access due to improper HTTP proxy connection reuse |
Affected by 0 other vulnerabilities. |
|
VCID-etzn-uhck-h7b2
Aliases: CVE-2026-3783 |
curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect |
Affected by 0 other vulnerabilities. |
|
VCID-hrsy-694u-2fec
Aliases: CVE-2024-8096 |
curl: OCSP stapling bypass with GnuTLS |
Affected by 16 other vulnerabilities. |
|
VCID-mkyr-w79c-qqfz
Aliases: CVE-2025-14017 |
curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers |
Affected by 4 other vulnerabilities. |
|
VCID-nvzd-v3bs-6qek
Aliases: CVE-2025-15079 |
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. |
Affected by 4 other vulnerabilities. |
|
VCID-pwn6-j8vf-rufk
Aliases: CVE-2024-9681 |
curl: HSTS subdomain overwrites parent cache entry |
Affected by 16 other vulnerabilities. |
|
VCID-qpux-jh6k-8qhx
Aliases: CVE-2025-10966 |
curl: Curl missing SFTP host verification with wolfSSH backend |
Affected by 10 other vulnerabilities. |
|
VCID-t9p4-2x7v-yfaq
Aliases: CVE-2025-0167 |
Affected by 13 other vulnerabilities. |
|
|
VCID-tha5-fv3w-sub6
Aliases: CVE-2024-2004 |
Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
Affected by 17 other vulnerabilities. |
|
VCID-u4bx-xqb3-vuef
Aliases: CVE-2024-2398 |
Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
Affected by 17 other vulnerabilities. |
|
VCID-vbbv-k1r7-kkas
Aliases: CVE-2025-15224 |
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. |
Affected by 4 other vulnerabilities. |
|
VCID-wgma-bycg-1qb1
Aliases: CVE-2024-11053 |
curl: curl netrc password leak |
Affected by 16 other vulnerabilities. |
|
VCID-x57x-w8g8-7ybz
Aliases: CVE-2025-14524 |
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-b69q-9yrr-myf7 | Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
CVE-2024-0853
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:21:19.141380+00:00 | Curl Importer | Fixing | VCID-b69q-9yrr-myf7 | https://curl.se/docs/CVE-2024-0853.json | 38.0.0 |
| 2026-04-01T18:21:19.113360+00:00 | Curl Importer | Affected by | VCID-tha5-fv3w-sub6 | https://curl.se/docs/CVE-2024-2004.json | 38.0.0 |
| 2026-04-01T18:21:19.029813+00:00 | Curl Importer | Affected by | VCID-2szj-xvgq-pkfr | https://curl.se/docs/CVE-2024-2379.json | 38.0.0 |
| 2026-04-01T18:21:19.002114+00:00 | Curl Importer | Affected by | VCID-u4bx-xqb3-vuef | https://curl.se/docs/CVE-2024-2398.json | 38.0.0 |
| 2026-04-01T18:21:18.673171+00:00 | Curl Importer | Affected by | VCID-2vwu-y316-gbb2 | https://curl.se/docs/CVE-2024-2466.json | 38.0.0 |
| 2026-04-01T18:21:18.632253+00:00 | Curl Importer | Affected by | VCID-8m6a-ej6a-g3df | https://curl.se/docs/CVE-2024-6197.json | 38.0.0 |
| 2026-04-01T18:21:18.551592+00:00 | Curl Importer | Affected by | VCID-75nw-4e2d-zqgg | https://curl.se/docs/CVE-2024-7264.json | 38.0.0 |
| 2026-04-01T18:21:18.165670+00:00 | Curl Importer | Affected by | VCID-hrsy-694u-2fec | https://curl.se/docs/CVE-2024-8096.json | 38.0.0 |
| 2026-04-01T18:21:17.801974+00:00 | Curl Importer | Affected by | VCID-pwn6-j8vf-rufk | https://curl.se/docs/CVE-2024-9681.json | 38.0.0 |
| 2026-04-01T18:21:17.637859+00:00 | Curl Importer | Affected by | VCID-wgma-bycg-1qb1 | https://curl.se/docs/CVE-2024-11053.json | 38.0.0 |
| 2026-04-01T18:21:17.475731+00:00 | Curl Importer | Affected by | VCID-t9p4-2x7v-yfaq | https://curl.se/docs/CVE-2025-0167.json | 38.0.0 |
| 2026-04-01T18:21:17.277542+00:00 | Curl Importer | Affected by | VCID-6we4-n888-6qhe | https://curl.se/docs/CVE-2025-0725.json | 38.0.0 |
| 2026-04-01T18:21:16.591453+00:00 | Curl Importer | Affected by | VCID-176a-agbw-hqdy | https://curl.se/docs/CVE-2025-5025.json | 38.0.0 |
| 2026-04-01T18:21:16.383485+00:00 | Curl Importer | Affected by | VCID-qpux-jh6k-8qhx | https://curl.se/docs/CVE-2025-10966.json | 38.0.0 |
| 2026-04-01T18:21:16.077260+00:00 | Curl Importer | Affected by | VCID-mkyr-w79c-qqfz | https://curl.se/docs/CVE-2025-14017.json | 38.0.0 |
| 2026-04-01T18:21:15.537078+00:00 | Curl Importer | Affected by | VCID-x57x-w8g8-7ybz | https://curl.se/docs/CVE-2025-14524.json | 38.0.0 |
| 2026-04-01T18:21:15.133167+00:00 | Curl Importer | Affected by | VCID-5xp7-mcsa-uqd4 | https://curl.se/docs/CVE-2025-14819.json | 38.0.0 |
| 2026-04-01T18:21:15.003374+00:00 | Curl Importer | Affected by | VCID-nvzd-v3bs-6qek | https://curl.se/docs/CVE-2025-15079.json | 38.0.0 |
| 2026-04-01T18:21:14.731316+00:00 | Curl Importer | Affected by | VCID-vbbv-k1r7-kkas | https://curl.se/docs/CVE-2025-15224.json | 38.0.0 |
| 2026-04-01T18:21:14.444638+00:00 | Curl Importer | Affected by | VCID-2cx5-1qnw-uufj | https://curl.se/docs/CVE-2026-1965.json | 38.0.0 |
| 2026-04-01T18:21:13.807244+00:00 | Curl Importer | Affected by | VCID-etzn-uhck-h7b2 | https://curl.se/docs/CVE-2026-3783.json | 38.0.0 |
| 2026-04-01T18:21:13.378142+00:00 | Curl Importer | Affected by | VCID-8zks-th64-33b8 | https://curl.se/docs/CVE-2026-3784.json | 38.0.0 |