Security
Headlines

Headlines Latest CVEs

Headline

GHSA-v6x3-9r38-r27q: Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short

In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.

4 days ago

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-67897

Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short

Moderate severity GitHub Reviewed Published Dec 14, 2025 to the GitHub Advisory Database • Updated Dec 16, 2025

Package

cargo sequoia-openpgp (Rust)

Affected versions

< 2.1.0

Description

Published to the GitHub Advisory Database

Dec 14, 2025

Last updated

Dec 16, 2025

ghsa: Latest News

GHSA-x8cp-jf6f-r4xh: AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

1 hour ago

GHSA-2xgq-q749-89fq: AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue

1 hour ago

GHSA-3g75-q268-r9r6: Amazon S3 Encryption Client has a Key Commitment Issue

1 hour ago

GHSA-8452-54wp-rmv6: Storybook manager bundle may expose environment variables during build

1 hour ago

GHSA-529f-9qwm-9628: tinacms is vulnerable to arbitrary code execution

1 hour ago