{"id":"GO-2026-5932","summary":"The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues","details":"The golang.org/x/crypto/openpgp package is unsafe by design, has numerous known security issues, is not maintained, and should not be used.\n\nIf you are required to interoperate with OpenPGP systems and need a maintained package, consider github.com/ProtonMail/go-crypto/openpgp which is a maintained fork that aims to be a drop-in replacement for this package.","modified":"2026-07-10T05:44:31.101996029Z","published":"2026-07-07T22:15:29Z","related":["CGA-485h-x96h-hqh7"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-5932"},"references":[{"type":"REPORT","url":"https://go.dev/issue/44226"}],"affected":[{"package":{"name":"golang.org/x/crypto","ecosystem":"Go","purl":"pkg:golang/golang.org/x/crypto"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"golang.org/x/crypto/openpgp"},{"path":"golang.org/x/crypto/openpgp/packet"},{"path":"golang.org/x/crypto/openpgp/armor"},{"path":"golang.org/x/crypto/openpgp/clearsign"},{"path":"golang.org/x/crypto/openpgp/errors"},{"path":"golang.org/x/crypto/openpgp/elgamal"},{"path":"golang.org/x/crypto/openpgp/s2k"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-5932.json"}}],"schema_version":"1.7.5"}