Three years ago I blogged about #nuget serving outdated #curl packages.

They then removed the packages I found.

I checked nuget again today and immediately found a nine-year-old curl package that is downloaded at the rate of 1,000 times/week from there… with 64 known vulnerabilities.

The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/