curl 7.72

Status: EOL | Support: 2020-08 – 2020-10 | Latest: 7.72.0 | Vulnerabilities: 52
Critical 9.8
2022-07-07≤ 7.72.0

curl: Unpreserved file permissions

Critical 9.8
2022-12-05≤ 7.72.0

curl: POST following PUT confusion

Critical 9.8
2023-03-30≤ 7.72.0

curl: TELNET option IAC injection

High 8.8
2023-03-30≤ 7.72.0

curl: SFTP path ~ resolving discrepancy

High 8.6
2024-03-27≤ 7.72.0

HTTP/2 push headers memory-leak

High 8.1
2022-05-26≤ 7.72.0

curl: OAUTH2 bearer bypass in connection re-use

High 7.5
2021-09-29≤ 7.72.0

curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

High 7.5
2022-06-01≤ 7.72.0

curl: bad local IPv6 connection reuse

High 7.5
2022-06-01≤ 7.72.0

curl: CERTINFO never-ending busy-loop

High 7.5
2022-06-01≤ 7.72.0

curl: TLS and SSH connection too eager reuse

High 7.3
2025-01-01≤ 7.72.0

gzip integer overflow

Medium 6.5 Unfixed
2026-03-11≤ 7.72.0

wrong proxy connection reuse with credentials

Medium 6.5 Unfixed
2026-03-11≤ 7.72.0

bad reuse of HTTP Negotiate connection

Medium 6.5
2021-08-05≤ 7.72.0

curl: Content not matching hash in Metalink is not being discarded

Medium 6.5
2022-06-01≤ 7.72.0

curl: auth/cookie leak on redirect

Medium 6.5
2022-07-07≤ 7.72.0

curl: HTTP compression denial of service

Medium 6.5
2023-02-23≤ 7.72.0

curl: HTTP multi-header compression denial of service

Medium 6.5
2023-12-07≤ 7.72.0

curl: information disclosure by exploiting a mixed case flaw

Medium 6.5
2024-09-11≤ 7.72.0

OCSP stapling bypass with GnuTLS

Medium 6.3 Unfixed
2026-01-08≤ 7.72.0

broken TLS options for threaded LDAPS

Medium 5.9
2021-09-29≤ 7.72.0

curl: Server responses received before STARTTLS processed after TLS handshake

Medium 5.9
2022-07-07≤ 7.72.0

curl: FTP-KRB bad message verification

Medium 5.9
2023-02-09≤ 7.72.0

curl: Use-after-free triggered by an HTTP proxy deny response

Medium 5.9
2023-05-26≤ 7.72.0

curl: siglongjmp race condition may lead to crash

Medium 5.9
2023-05-26≤ 7.72.0

curl: IDN wildcard match may lead to Improper Certificate Validation

Medium 5.7
2022-06-01≤ 7.72.0

curl: credential leak on redirect

Medium 5.3 Unfixed
2026-04-29≤ 7.72.0

curl: Proxy credential disclosure via redirects to unauthenticated proxies

Medium 5.3 Unfixed
2026-04-29≤ 7.72.0

curl: Information disclosure due to incorrect TLS connection reuse

Medium 5.3 Unfixed
2026-03-11≤ 7.72.0

token leak with redirect and netrc

Medium 5.3 Unfixed
2026-01-08≤ 7.72.0

libssh global known_hosts override

Medium 5.3 Unfixed
2026-01-08≤ 7.72.0

bearer token leak on cross-protocol redirect

Medium 5.3
2021-06-11≤ 7.72.0

curl: Cipher settings shared for all connections when using schannel TLS backend

Medium 5.3
2021-08-05≤ 7.72.0

curl: Metalink download sends credentials

Medium 5.3
2021-08-05≤ 7.72.0

curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

Medium 5.3
2023-05-26≤ 7.72.0

curl: more POST-after-PUT confusion

Medium 4.3 Unfixed
2025-11-07≤ 7.72.0

missing SFTP host verification with wolfSSH

Medium 4.3
2022-07-07≤ 7.72.0

curl: Set-Cookie denial of service

Low 3.7
2020-12-14≤ 7.72.0

curl: FTP PASV command response can cause curl to connect to arbitrary host

Low 3.7
2021-08-05≤ 7.72.0

curl: Bad connection reuse due to flawed path name checks

Low 3.7
2022-09-23≤ 7.72.0

curl: Incorrect handling of control code characters in cookies

Low 3.1 Unfixed
2026-01-08≤ 7.72.0

libssh key passphrase bypass without agent set

Low 3.1
2021-06-11≤ 7.72.0

curl: TELNET stack contents disclosure

N/A
2020-12-14≤ 7.72.0

N/A
2020-12-14≤ 7.72.0

N/A
2021-04-01≤ 7.72.0

N/A
2021-04-01≤ 7.72.0

N/A
2023-03-30≤ 7.72.0

N/A
2023-03-30≤ 7.72.0

N/A
2023-03-30≤ 7.72.0

N/A
2023-10-18≤ 7.72.0

N/A
2023-10-18≤ 7.72.0

N/A
2024-07-31≤ 7.72.0