High 8.6
2024-03-27≤ 8.0.1
HTTP/2 push headers memory-leak
curl 8.0
High 7.5
2023-05-26≤ 8.0.1
curl: use after free in SSH sha256 fingerprint check
High 7.5
2023-09-15≤ 8.0.1
curl: out of heap memory issue due to missing limit on header quantity
High 7.3
2025-01-01≤ 8.0.1
gzip integer overflow
Medium 6.5 Unfixed
2026-03-11≤ 8.0.1
wrong proxy connection reuse with credentials
Medium 6.5 Unfixed
2026-03-11≤ 8.0.1
bad reuse of HTTP Negotiate connection
Medium 6.5
2023-12-07≤ 8.0.1
curl: information disclosure by exploiting a mixed case flaw
Medium 6.5
2024-09-11≤ 8.0.1
OCSP stapling bypass with GnuTLS
Medium 6.3 Unfixed
2026-01-08≤ 8.0.1
broken TLS options for threaded LDAPS
Medium 5.9
2024-11-06≤ 8.0.1
HSTS subdomain overwrites parent cache entry
Medium 5.9
2023-05-26≤ 8.0.1
curl: siglongjmp race condition may lead to crash
Medium 5.9
2023-05-26≤ 8.0.1
curl: IDN wildcard match may lead to Improper Cerificate Validation
Medium 5.3 Unfixed
2026-04-29≤ 8.0.1
curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies
Medium 5.3 Unfixed
2026-04-29≤ 8.0.1
curl: curl: Information disclosure due to incorrect TLS connection reuse
Medium 5.3 Unfixed
2026-03-11≤ 8.0.1
token leak with redirect and netrc
Medium 5.3 Unfixed
2026-01-08≤ 8.0.1
libssh global known_hosts override
Medium 5.3 Unfixed
2026-01-08≤ 8.0.1
OpenSSL partial chain store policy bypass
Medium 5.3 Unfixed
2026-01-08≤ 8.0.1
bearer token leak on cross-protocol redirect
Medium 5.3
2023-05-26≤ 8.0.1
curl: more POST-after-PUT confusion
Medium 5.3
2023-12-12≤ 8.0.1
curl: excessively long file name may lead to unknown HSTS status
Medium 4.3 Unfixed
2025-11-07≤ 8.0.1
missing SFTP host verification with wolfSSH
Low 3.5 Unfixed
2024-03-27≤ 8.0.1
Usage of disabled protocol
Low 3.4
2025-01-01≤ 8.0.1
netrc and default credential leak
Low 3.4
2024-12-11≤ 8.0.1
netrc and redirect credential leak
Low 3.1 Unfixed
2026-01-08≤ 8.0.1
libssh key passphrase bypass without agent set
N/A
2023-10-18≤ 8.0.1
N/A
2023-10-18≤ 8.0.1
N/A
2024-07-31≤ 8.0.1