Analyzed
1 day
ago.
based on code collected
1 day
ago.
Major Versions
click and drag to zoom
Security Vulnerabilities for Version:
Severities:
Type
|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2025-15224 | Low | Jan 08, 2026 | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using more... |
8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0, 8.1.2, 8.1.0
|
|
| CVE-2025-15079 | Medium | Jan 08, 2026 | When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *n more... |
8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0, 8.1.2, 8.1.0
|
|
| CVE-2025-14819 | Medium | Jan 08, 2026 | When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally re more... |
8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0, 8.1.2, 8.1.0
|
|
| CVE-2025-14524 | Medium | Jan 08, 2026 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LD more... |
8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0, 8.1.2, 8.1.0
|
|
| CVE-2025-14017 | Medium | Jan 08, 2026 | When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and more... |
8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0, 8.1.2, 8.1.0
|
|
| CVE-2025-13034 | Medium | Jan 08, 2026 | When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certific more... |
8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0
|
|
| CVE-2025-10966 | BDSA-2025-15482 | Medium | Nov 07, 2025 | curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This more... |
8.16.0, 8.14.1, 8.12.0, 8.10.0, 8.8.0, 8.6.0, 8.3.0, 8.2.0, 8.1.2, 8.1.0
|
