Search for packages
| purl | pkg:generic/curl.se/curl@8.7.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-176a-agbw-hqdy
Aliases: CVE-2025-5025 |
curl: libcurl: QUIC Certificate Pinning Bypass |
Affected by 14 other vulnerabilities. |
|
VCID-2cx5-1qnw-uufj
Aliases: CVE-2026-1965 |
curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication |
Affected by 0 other vulnerabilities. |
|
VCID-5xp7-mcsa-uqd4
Aliases: CVE-2025-14819 |
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. |
Affected by 4 other vulnerabilities. |
|
VCID-6we4-n888-6qhe
Aliases: CVE-2025-0725 |
libcurl: Buffer Overflow in libcurl via zlib Integer Overflow |
Affected by 13 other vulnerabilities. |
|
VCID-75nw-4e2d-zqgg
Aliases: CVE-2024-7264 |
curl: libcurl: ASN.1 date parser overread |
Affected by 17 other vulnerabilities. |
|
VCID-8m6a-ej6a-g3df
Aliases: CVE-2024-6197 |
curl: freeing stack buffer in utf8asn1str |
Affected by 18 other vulnerabilities. |
|
VCID-8zks-th64-33b8
Aliases: CVE-2026-3784 |
curl: curl: Unauthorized access due to improper HTTP proxy connection reuse |
Affected by 0 other vulnerabilities. |
|
VCID-etzn-uhck-h7b2
Aliases: CVE-2026-3783 |
curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect |
Affected by 0 other vulnerabilities. |
|
VCID-hrsy-694u-2fec
Aliases: CVE-2024-8096 |
curl: OCSP stapling bypass with GnuTLS |
Affected by 16 other vulnerabilities. |
|
VCID-mkyr-w79c-qqfz
Aliases: CVE-2025-14017 |
curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers |
Affected by 4 other vulnerabilities. |
|
VCID-nvzd-v3bs-6qek
Aliases: CVE-2025-15079 |
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. |
Affected by 4 other vulnerabilities. |
|
VCID-pwn6-j8vf-rufk
Aliases: CVE-2024-9681 |
curl: HSTS subdomain overwrites parent cache entry |
Affected by 16 other vulnerabilities. |
|
VCID-qpux-jh6k-8qhx
Aliases: CVE-2025-10966 |
curl: Curl missing SFTP host verification with wolfSSH backend |
Affected by 10 other vulnerabilities. |
|
VCID-t9p4-2x7v-yfaq
Aliases: CVE-2025-0167 |
Affected by 13 other vulnerabilities. |
|
|
VCID-vbbv-k1r7-kkas
Aliases: CVE-2025-15224 |
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. |
Affected by 4 other vulnerabilities. |
|
VCID-wgma-bycg-1qb1
Aliases: CVE-2024-11053 |
curl: curl netrc password leak |
Affected by 16 other vulnerabilities. |
|
VCID-x57x-w8g8-7ybz
Aliases: CVE-2025-14524 |
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2szj-xvgq-pkfr | curl: QUIC certificate check bypass with wolfSSL |
CVE-2024-2379
|
| VCID-2vwu-y316-gbb2 | Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
CVE-2024-2466
|
| VCID-tha5-fv3w-sub6 | Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
CVE-2024-2004
|
| VCID-u4bx-xqb3-vuef | Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
CVE-2024-2398
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:21:19.116821+00:00 | Curl Importer | Fixing | VCID-tha5-fv3w-sub6 | https://curl.se/docs/CVE-2024-2004.json | 38.0.0 |
| 2026-04-01T18:21:19.033609+00:00 | Curl Importer | Fixing | VCID-2szj-xvgq-pkfr | https://curl.se/docs/CVE-2024-2379.json | 38.0.0 |
| 2026-04-01T18:21:19.006032+00:00 | Curl Importer | Fixing | VCID-u4bx-xqb3-vuef | https://curl.se/docs/CVE-2024-2398.json | 38.0.0 |
| 2026-04-01T18:21:18.676965+00:00 | Curl Importer | Fixing | VCID-2vwu-y316-gbb2 | https://curl.se/docs/CVE-2024-2466.json | 38.0.0 |
| 2026-04-01T18:21:18.635747+00:00 | Curl Importer | Affected by | VCID-8m6a-ej6a-g3df | https://curl.se/docs/CVE-2024-6197.json | 38.0.0 |
| 2026-04-01T18:21:18.554969+00:00 | Curl Importer | Affected by | VCID-75nw-4e2d-zqgg | https://curl.se/docs/CVE-2024-7264.json | 38.0.0 |
| 2026-04-01T18:21:18.169385+00:00 | Curl Importer | Affected by | VCID-hrsy-694u-2fec | https://curl.se/docs/CVE-2024-8096.json | 38.0.0 |
| 2026-04-01T18:21:17.805554+00:00 | Curl Importer | Affected by | VCID-pwn6-j8vf-rufk | https://curl.se/docs/CVE-2024-9681.json | 38.0.0 |
| 2026-04-01T18:21:17.641441+00:00 | Curl Importer | Affected by | VCID-wgma-bycg-1qb1 | https://curl.se/docs/CVE-2024-11053.json | 38.0.0 |
| 2026-04-01T18:21:17.479386+00:00 | Curl Importer | Affected by | VCID-t9p4-2x7v-yfaq | https://curl.se/docs/CVE-2025-0167.json | 38.0.0 |
| 2026-04-01T18:21:17.281127+00:00 | Curl Importer | Affected by | VCID-6we4-n888-6qhe | https://curl.se/docs/CVE-2025-0725.json | 38.0.0 |
| 2026-04-01T18:21:16.594945+00:00 | Curl Importer | Affected by | VCID-176a-agbw-hqdy | https://curl.se/docs/CVE-2025-5025.json | 38.0.0 |
| 2026-04-01T18:21:16.386928+00:00 | Curl Importer | Affected by | VCID-qpux-jh6k-8qhx | https://curl.se/docs/CVE-2025-10966.json | 38.0.0 |
| 2026-04-01T18:21:16.080916+00:00 | Curl Importer | Affected by | VCID-mkyr-w79c-qqfz | https://curl.se/docs/CVE-2025-14017.json | 38.0.0 |
| 2026-04-01T18:21:15.540496+00:00 | Curl Importer | Affected by | VCID-x57x-w8g8-7ybz | https://curl.se/docs/CVE-2025-14524.json | 38.0.0 |
| 2026-04-01T18:21:15.136550+00:00 | Curl Importer | Affected by | VCID-5xp7-mcsa-uqd4 | https://curl.se/docs/CVE-2025-14819.json | 38.0.0 |
| 2026-04-01T18:21:15.006842+00:00 | Curl Importer | Affected by | VCID-nvzd-v3bs-6qek | https://curl.se/docs/CVE-2025-15079.json | 38.0.0 |
| 2026-04-01T18:21:14.734794+00:00 | Curl Importer | Affected by | VCID-vbbv-k1r7-kkas | https://curl.se/docs/CVE-2025-15224.json | 38.0.0 |
| 2026-04-01T18:21:14.448063+00:00 | Curl Importer | Affected by | VCID-2cx5-1qnw-uufj | https://curl.se/docs/CVE-2026-1965.json | 38.0.0 |
| 2026-04-01T18:21:13.810451+00:00 | Curl Importer | Affected by | VCID-etzn-uhck-h7b2 | https://curl.se/docs/CVE-2026-3783.json | 38.0.0 |
| 2026-04-01T18:21:13.382446+00:00 | Curl Importer | Affected by | VCID-8zks-th64-33b8 | https://curl.se/docs/CVE-2026-3784.json | 38.0.0 |