I Use This!
Very High Activity
Analyzed 2 days ago. based on code collected 3 days ago.
 

Security

Vulnerabilities per Version

Learn more about BDSAs
 
 

Major Versions

1yr
3yr
5yr
10yr
All
click and drag to zoom
 
 
Security Vulnerabilities for Version:
Severities:
Type
Identifier Related Record Severity Date Published Description Versions Affected
CVE-2026-9547 High Jul 03, 2026 When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently acce more...
8.20.0, 8.19.0, 8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0
CVE-2026-9546 High Jul 03, 2026 A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL more...
8.20.0, 8.19.0
CVE-2026-9545 High Jul 03, 2026 In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been more...
8.20.0, 8.19.0, 8.16.0, 8.14.1, 8.12.0
CVE-2026-9080 High Jul 03, 2026 Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts t more...
8.20.0, 8.19.0, 8.16.0, 8.14.1
CVE-2026-9079 Critical Jul 03, 2026 libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get us more...
8.20.0, 8.19.0, 8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0
CVE-2026-8932 High Jul 03, 2026 libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libc more...
8.20.0, 8.19.0, 8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0
CVE-2026-8927 Critical Jul 03, 2026 When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authenticat more...
8.20.0, 8.19.0, 8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0
CVE-2026-8926 Critical Jul 03, 2026 When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://us more...
8.20.0, 8.19.0, 8.16.0, 8.14.1, 8.12.0
CVE-2026-8925 Critical Jul 03, 2026 The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making i more...
8.20.0, 8.19.0, 8.16.0
CVE-2026-8924 Critical Jul 03, 2026 A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an a more...
8.20.0, 8.19.0, 8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0