VYPR
Vendor

Sequoia Pgp

Products
3
CVEs
4
Across products
4
Status
Private

Products

3

Recent CVEs

4
  • CVE-2025-67897MedDec 14, 2025
    risk 0.34cvss 5.3epss 0.00

    In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.

  • CVE-2026-2625MedApr 3, 2026
    risk 0.26cvss 4.0epss 0.00

    A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code,…

  • CVE-2023-53160Jul 28, 2025
    risk 0.00cvss epss 0.00

    The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.

  • CVE-2024-58261Jul 27, 2025
    risk 0.00cvss epss 0.00

    The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.