Browse all 9 CVE security advisories affecting GnuPG. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GnuPG serves as the primary open-source implementation of the OpenPGP standard for secure communication and data protection through encryption and digital signatures. Historically, vulnerabilities have included remote code execution flaws, memory corruption issues, and privilege escalation risks, particularly in parsing functions and cryptographic operations. While generally robust, the software has faced notable security incidents such as the EFAIL vulnerability and the DROWN attack affecting older versions, though these were mitigated through updates. The project maintains a strong security focus with regular audits and patches, though its complexity occasionally introduces new CVEs, currently standing at nine documented vulnerabilities that highlight the challenges in maintaining cryptographic software security.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41990 | Libgcrypt 缓冲区错误漏洞 — LibgcryptCWE-787 | 4.0 | Medium | 2026-04-23 |
| CVE-2026-41989 | Libgcrypt 缓冲区错误漏洞 — LibgcryptCWE-787 | 6.7 | Medium | 2026-04-23 |
| CVE-2026-24883 | GNUPG 代码问题漏洞 — GnuPGCWE-476 | 3.7 | Low | 2026-01-27 |
| CVE-2026-24882 | GNUPG 安全漏洞 — GnuPGCWE-121 | 8.4 | High | 2026-01-27 |
| CVE-2026-24881 | GNUPG 安全漏洞 — GnuPGCWE-121 | 8.1 | High | 2026-01-27 |
| CVE-2025-68973 | GNUPG 安全漏洞 — GnuPGCWE-675 | 7.8 | High | 2025-12-28 |
| CVE-2025-68972 | GNUPG 数据伪造问题漏洞 — GnuPGCWE-347 | 5.9 | Medium | 2025-12-27 |
| CVE-2025-30258 | GnuPG 安全漏洞 — GnuPGCWE-754 | 2.7 | Low | 2025-03-19 |
| CVE-2017-7526 | Libgcrypt 加密问题漏洞 — libgcryptCWE-200 | 5.9 | - | 2018-07-26 |
This page lists every published CVE security advisory associated with GnuPG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.