Browse all 4 CVE security advisories affecting sequoia-pgp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Sequoia-pgp is an open-source PGP encryption library primarily used for implementing cryptographic operations in Java applications. Historically, it has been susceptible to remote code execution vulnerabilities due to insecure parsing of PGP messages, as well as cross-site scripting issues in web-based implementations. Privilege escalation vulnerabilities have also been identified in certain configurations. The project maintains four CVE records, with notable security characteristics including its focus on cryptographic correctness but occasional lapses in input validation. While no major public security incidents have been documented, the CVE history indicates a pattern of vulnerabilities related to improper handling of untrusted input, particularly in message parsing components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67897 | Sequoia PGP security vulnerability — sequoia, CWE-195 | 5.3 | Medium | 2025-12-14 |
| CVE-2023-53160 | sequoia-openpgp buffer error vulnerability — sequoia, CWE-125 | 2.9 | Low | 2025-07-28 |
| CVE-2023-53161 | buffered-reader crate buffer error vulnerability — buffered-reader, CWE-125 | 2.9 | Low | 2025-07-28 |
| CVE-2024-58261 | sequoia-openpgp security vulnerability — sequoia, CWE-835 | 2.9 | Low | 2025-07-27 |
This page lists every published CVE security advisory associated with sequoia-pgp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.