Vulnerability Report: GO-2026-5932
- Affects: golang.org/x/crypto
- Published: Jul 07, 2026
The golang.org/x/crypto/openpgp package is unsafe by design, has numerous known security issues, is not maintained, and should not be used. If you are required to interoperate with OpenPGP systems and need a maintained package, consider github.com/ProtonMail/go-crypto/openpgp which is a maintained fork that aims to be a drop-in replacement for this package.
Affected Packages
-
PathVersionsSymbols
-
all versions, no known fixedall symbols
-
all versions, no known fixedall symbols
-
all versions, no known fixedall symbols
-
all versions, no known fixedall symbols
-
all versions, no known fixedall symbols
-
all versions, no known fixedall symbols
-
all versions, no known fixedall symbols
References
Feedback
See anything missing or incorrect?
Suggest an edit to this report.