https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical...

"When looking into various PGP-related codebases for some personal use cases, we found these expectations not met, and discovered multiple vulnerabilities in cryptographic utilities, namely in GnuPG, Sequoia PGP, age, and minisign."

"The vulnerabilities have implementation bugs at their core, for example in parsing code, rather than bugs in the mathematics of the cryptography itself."