Curl
This hub aggregates every CVE we track for Curl, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
175
CVEs tracked
23
Critical
46
High
0
In CISA KEV
Severity distribution
MEDIUM88HIGH46CRITICAL23LOW18
Monthly trend
3
0
1
0
1
1
0
3
0
0
2
1
0
0
2
0
1
0
6
1
4
0
8
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Curl.
- CVE-2026-7168cross-proxy Digest auth state leak5.3
- CVE-2026-7009OCSP stapling bypass with Apple SecTrust5.3
- CVE-2026-6429netrc credential leak with reused proxy connection5.3
- CVE-2026-6276stale custom cookie host causes cookie leak7.5
- CVE-2026-6253proxy credentials leak over redirect-to proxy5.9
- CVE-2026-5773wrong reuse of SMB connection7.5
- CVE-2026-5545wrong reuse of HTTP Negotiate connection6.5
- CVE-2026-4873connection reuse ignores TLS requirement5.9
- CVE-2026-3805use after free in SMB connection reuse7.5
- CVE-2026-3784wrong proxy connection reuse with credentials6.5
- CVE-2026-3783token leak with redirect and netrc5.3
- CVE-2026-1965bad reuse of HTTP Negotiate connection6.5
- CVE-2025-11563wcurl path traversal with percent-encoded slashes4.6
- CVE-2025-15224libssh key passphrase bypass without agent set3.1
- CVE-2025-15079libssh global known_hosts override5.3
Product normalization is registry-driven with AI assist and human review. How it works