Read our Vulnerability Disclosure Policy.

If you have found or just suspect a security problem somewhere in curl or libcurl, report it on HackerOne.

We treat security issues with confidentiality until controlled and disclosed responsibly.

curl has earned Gold status on the OpenSSF Best Practices, reflecting its adherence to rigorous security and best practice standards. This achievement highlights curl's comprehensive documentation, secure development processes, effective change control mechanisms, and strong maintenance routines. Meeting these criteria demonstrates curl's commitment to security and reliability, ensuring the project's sustainability and trustworthiness. This recognition by OpenSSF underscores curl's role as a leader in open-source software practices. More information can be found on their OpenSSF page.