Libcurl
This hub aggregates every CVE we track for Libcurl, a product in the OSS libraries category. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 78
- Critical: 14
- High: 22
- In CISA KEV: 0
Severity distribution
- MEDIUM: 36
- HIGH: 22
- CRITICAL: 14
- LOW: 6
Monthly trend
2024-07 through 2026-06, one value per month: 3, 1, 0, 0, 0, 0, 0, 2, 0, 0, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Libcurl.
- CVE-2025-5399: WebSocket endless loop (7.5)
- CVE-2025-5025: No QUIC certificate pinning with wolfSSL (4.8)
- CVE-2025-4947: QUIC certificate check skip with wolfSSL (6.5)
- CVE-2025-0725: gzip integer overflow (7.3)
- CVE-2025-0665: eventfd double close (9.8)
- CVE-2024-32928: The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud service... (5.9)
- CVE-2024-7264: ASN.1 date parser overread (6.5)
- CVE-2024-6874: macidn punycode buffer overread (4.3)
- CVE-2024-6197: freeing stack buffer in utf8asn1str (7.5)
- CVE-2023-38545: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of ... (9.8)
- CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application cr... (3.7)
- CVE-2023-28322: An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even w... (3.7)
- CVE-2023-27538: An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have ... (5.5)
- CVE-2023-27536: An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to c... (5.9)
- CVE-2023-27535: An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created c... (5.9)
Product normalization is registry-driven with AI assist and human review.