sequoia-openpgp (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package sequoia-openpgp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2025-67897 — CVSS 5.3 (medium): In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue…
CVE-2023-53160 — CVSS 2.9 (low): The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.
CVE-2024-58261 — CVSS 2.9 (low): The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet"…