Docs Overview
Project
Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs Known Risks Logo TODO website Info
Protocols
CA Extract HTTP cookies HTTP/3 MQTT SSL certs SSL libs compared URL syntax WebSocket
Releases
Changelog curl CVEs Release Table Version Numbering Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial When options were added
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Project / Bug Bounty
Related:
Audits
Changelog
curl CVEs
Vulnerability Disclosure
Vulnerabilities Table

The curl bug bounty

Up until the end of January 2026 there was a curl bug bounty. It is no more.

The curl project does not offer any rewards for reported bugs or vulnerabilities. We also do not aid security researchers to get such rewards for curl problems from other sources either.

A bug bounty gives people too strong incentives to find and make up "problems" in bad faith that cause overload and abuse.

We still appreciate and value valid vulnerability reports.