Homepage

curl vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the curl package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2025-5399

<8.14.1-r0
  • L
CVE-2024-2398

<8.7.1-r0
  • H
CVE-2024-6197

<8.9.0-r0
  • L
CVE-2024-2004

<8.7.1-r0
  • M
Improper Certificate Validation

<8.6.0-r0
  • M
Missing Encryption of Sensitive Data

<8.5.0-r0
  • M
CVE-2023-46218

<8.5.0-r0
  • L
CVE-2025-0167

<8.12.0-r0
  • L
CVE-2025-0665

<8.12.0-r0
  • H
Use After Free

<8.1.0-r0
  • L
CVE-2024-8096

<8.10.0-r0
  • M
Race Condition

<8.1.0-r0
  • M
Improper Authentication

<8.0.0-r0
  • H
Directory Traversal

<8.0.0-r0
  • C
Exposure of Resource to Wrong Sphere

<7.86.0-r0
  • H
Cleartext Transmission of Sensitive Information

<7.86.0-r0
  • M
Out-of-bounds Read

<8.9.0-r0
  • L
CVE-2024-2379

<8.7.1-r0
  • H
Cleartext Transmission of Sensitive Information

<7.87.0-r0
  • L
CVE-2024-2466

<8.7.1-r0
  • M
Out-of-bounds Read

<8.9.1-r0
  • M
Out-of-bounds Write

<7.86.0-r0
  • H
Allocation of Resources Without Limits or Throttling

<8.3.0-r0
  • H
Double Free

<7.86.0-r0
  • M
Cleartext Transmission of Sensitive Information

<7.83.1-r0
  • L
CVE-2025-4947

<8.14.0-r0
  • L
Buffer Overflow

<8.12.0-r0
  • H
Server-Side Request Forgery (SSRF)

<7.83.1-r0
  • M
Insufficient Comparison

<8.11.0-r0
  • L
CVE-2024-11053

<8.11.1-r0
  • C
Out-of-bounds Write

<8.4.0-r0
  • L
CVE-2023-38546

<8.4.0-r0
  • M
Improper Authentication

<8.0.0-r0
  • L
CVE-2025-5025

<8.14.0-r0
  • M
Insufficient Verification of Data Authenticity

<7.79.0-r0
  • L
Use of Incorrectly-Resolved Name or Reference

<7.78.0-r0
  • M
Cleartext Transmission of Sensitive Information

<7.88.0-r0
  • M
Allocation of Resources Without Limits or Throttling

<7.88.0-r0
  • C
Cleartext Transmission of Sensitive Information

<7.88.0-r0
  • M
Improper Authentication

<8.0.0-r0
  • M
Use After Free

<7.87.0-r0
  • M
Use of Uninitialized Resource

<7.78.0-r0
  • M
Insufficiently Protected Credentials

<7.78.0-r0
  • H
Missing Authentication for Critical Function

<7.83.0-r0
  • H
CVE-2022-27775

<7.83.0-r0
  • M
Improper Certificate Validation

<8.1.0-r0
  • M
Double Free

<8.0.0-r0
  • L
CVE-2023-28322

<8.1.0-r0
  • H
Arbitrary Code Injection

<8.0.0-r0
  • H
Out-of-bounds Write

<7.74.0-r0
  • H
Improper Certificate Validation

<7.74.0-r0
  • L
CVE-2020-8284

<7.74.0-r0
  • L
CVE-2022-35252

<7.85.0-r0
  • H
Improper Certificate Validation

<7.83.1-r0
  • M
Allocation of Resources Without Limits or Throttling

<7.84.0-r0
  • C
Incorrect Default Permissions

<7.84.0-r0
  • M
Allocation of Resources Without Limits or Throttling

<7.84.0-r0
  • M
CVE-2022-27779

<7.83.1-r0
  • M
Out-of-bounds Write

<7.84.0-r0
  • M
Insufficiently Protected Credentials

<7.83.0-r0
  • M
Insufficiently Protected Credentials

<7.83.0-r0
  • H
Use of Incorrectly-Resolved Name or Reference

<7.83.1-r0
  • H
Use After Free

<7.77.0-r0
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<7.83.1-r0
  • H
Cleartext Transmission of Sensitive Information

<7.79.0-r0
  • L
Missing Initialization of Resource

<7.77.0-r0
  • H
NULL Pointer Dereference

<7.59.0-r0
  • H
Out-of-bounds Read

<7.64.0-r0
  • C
Out-of-bounds Write

<7.59.0-r0
  • H
Out-of-bounds Read

<7.64.0-r0
  • C
Double Free

<7.79.0-r0
  • L
Authentication Bypass

<7.76.0-r0
  • M
Information Exposure

<7.76.0-r0
  • H
Use After Free

<7.72.0-r0
  • C
Buffer Overflow

<7.66.0-r0
  • C
Out-of-Bounds

<7.56.1-r0
  • M
Information Exposure

<7.55.0-r0
  • M
Improper Validation of Integrity Check Value

<7.78.0-r0
  • C
Out-of-bounds Write

<7.64.0-r0
  • H
Out-of-bounds Write

<7.65.0-r0
  • H
Improper Authentication

<7.50.2-r0
  • H
Improper Authorization

<7.50.1-r0
  • H
Information Exposure

<7.71.0-r0
  • H
Arbitrary Code Injection

<7.71.0-r0
  • L
Out-of-Bounds

<7.53.1-r2
  • H
Improper Certificate Validation

<7.54.0-r0
  • C
Out-of-Bounds

<7.62.0-r0
  • C
Double Free

<7.66.0-r0
  • C
Out-of-bounds Read

<7.62.0-r0
  • L
Integer Overflow or Wraparound

<7.65.0-r0
  • H
Out-of-bounds Read

<7.51.0-r0
  • H
Cryptographic Issues

<7.50.1-r0
  • C
Double Free

<7.51.0-r0
  • C
Out-of-bounds Read

<7.59.0-r0
  • C
Use After Free

<7.62.0-r0
  • C
Out-of-bounds Write

<7.60.0-r0
  • C
Out-of-Bounds

<7.57.0-r0
  • C
Integer Overflow or Wraparound

<7.61.1-r0
  • M
Cryptographic Issues

<7.36.0-r0
  • M
Out-of-Bounds

<7.55.0-r0
  • C
Out-of-bounds Read

<7.57.0-r0
  • C
Integer Overflow or Wraparound

<7.57.0-r0
  • C
Out-of-bounds Write

<7.61.0-r0
  • H
Use After Free

<7.51.0-r0
  • C
Out-of-bounds Read

<7.51.0-r0
  • M
Information Exposure

<7.55.0-r0
  • C
Out-of-bounds Read

<7.60.0-r0
  • C
Double Free

<7.51.0-r0
  • H
Out-of-bounds Write

<7.51.0-r0
  • H
Improper Input Validation

<7.51.0-r0
  • M
Credentials Management

<7.51.0-r0
  • H
Improper Input Validation

<7.51.0-r0
  • C
Integer Overflow or Wraparound

<7.50.3-r0
  • H
Improper Initialization

<7.52.1-r0
  • M
Improper Certificate Validation

<7.53.0-r0
  • H
Resource Injection

<7.51.0-r0
  • C
Out-of-bounds Write

<7.51.0-r0
  • H
Use After Free

<7.50.1-r0
  • M
Improper Authentication

<7.36.0-r0