{"package":"BouncyCastle","ecosystem":"nuget","latest_version":"1.8.9","description":"The Bouncy Castle Crypto package is a C# implementation of cryptographic algorithms and protocols, it was developed by the Legion of the Bouncy Castle, a registered Australian Charity, with a little help! The Legion, and the latest goings on with this package, can be found at [http://www.bouncycastle.org](http://www.bouncycastle.org). In addition to providing basic cryptography algorithms, the package also provides support for CMS, TSP, X.509 certificate generation and a variety of other standar","license":"","license_risk":"unknown","commercial_use_notes":"No license declared in registry metadata — verify manually before commercial use.","homepage":"http://www.bouncycastle.org/csharp/","repository":"http://www.bouncycastle.org/csharp/","downloads_weekly":401946,"health":{"score":11,"risk":"critical","breakdown":{"maintenance":0,"popularity":14,"security":19,"maturity":6,"community":2},"deprecated":true,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":0,"medium":3,"low":0,"details":[{"vuln_id":"CVE-2024-29857","severity":"medium","summary":"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","affected_versions":"<1.78|<1.78|<1.78|<1.78|<1.78|<1.78|<1.78|<1.0.2.5|<2.3.1|=1.71|=1.71.1|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.46|=1.47|=1.48|=1.49|=1.50|=1.51|=1.52|=1.53|=1.54|=1.55|=1.56|=1.57|=1.58|=1.59|=1.60|=1.61|=1.62|=1.63|=1.64|=1.65|=1.65.01|=1.66|=1.67|=1.68|=1.69|=1.70|=1.63|=1.64|=1.65|=1.66|=1.67|=1.68|=1.69|=1.70|=1.71|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.38|=1.43|=1.44|=1.45|=1.46|=1.47|=1.48|=1.49|=1.50|=1.51|=1.53|=1.54|=1.55|=1.56|=1.57|=1.58|=1.59|=1.60|=1.61|=1.62|=1.63|=1.64|=1.65|=1.67|=1.68|=1.69|=1.70|=1.71|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.71|=1.71.1|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.61|=1.62|=1.63|=1.64|=1.65|=1.67|=1.68|=1.69|=1.70|=1.71|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.63|=1.64|=1.65|=1.66|=1.67|=1.68|=1.69|=1.70|=1.71|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.0.0|=1.0.1|=1.0.2|=1.0.2.1|=1.0.2.3|=1.0.2.4|=1.7.0|=1.8.1|=1.8.2|=1.8.3|=1.8.3.1|=1.8.4|=1.8.5|=1.8.6|=1.8.6.1|=1.8.9|=2.0.0|=2.1.0|=2.1.1|=2.2.0|=2.2.1|=2.3.0","fixed_version":"2.3.1","source":"osv","published_at":"2024-05-14T15:32:54Z","in_kev":false,"epss_prob":0.00252,"epss_percentile":0.48506,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-30172","severity":"medium","summary":"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop","affected_versions":">=1.73,<1.78|>=1.73,<1.78|>=1.73,<1.78|>=1.73,<1.78|>=1.73,<1.78|>=1.73,<1.78|<2.3.1|=1.73|=1.74|=1.75|=1.76|=1.77|=1.73|=1.74|=1.75|=1.76|=1.77|=1.73|=1.74|=1.75|=1.76|=1.77|=1.73|=1.74|=1.75|=1.76|=1.77|=1.73|=1.74|=1.75|=1.76|=1.77|=1.73|=1.74|=1.75|=1.76|=1.77|=1.7.0|=1.8.1|=1.8.2|=1.8.3|=1.8.3.1|=1.8.4|=1.8.5|=1.8.6|=1.8.6.1|=1.8.9|=2.0.0|=2.1.0|=2.1.1|=2.2.0|=2.2.1|=2.3.0","fixed_version":"2.3.1","source":"osv","published_at":"2024-05-14T15:32:54Z","in_kev":false,"epss_prob":0.00075,"epss_percentile":0.22412,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-30171","severity":"medium","summary":"Bouncy Castle affected by timing side-channel for RSA key exchange (\"The Marvin Attack\")","affected_versions":"<1.0.19|<1.78|<1.78|<1.78|<1.78|<1.78|<1.78|<1.78|<2.3.1|=1.0.0|=1.0.1|=1.0.10|=1.0.10.1|=1.0.10.2|=1.0.10.3|=1.0.11|=1.0.11.1|=1.0.11.2|=1.0.11.3|=1.0.11.4|=1.0.12|=1.0.12.1|=1.0.12.2|=1.0.12.3|=1.0.13|=1.0.14|=1.0.14.1|=1.0.16|=1.0.17|=1.0.18|=1.0.2|=1.0.3|=1.0.4|=1.0.5|=1.0.6|=1.0.7|=1.0.8|=1.0.9|=1.71|=1.71.1|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.46|=1.47|=1.48|=1.49|=1.50|=1.51|=1.52|=1.53|=1.54|=1.55|=1.56|=1.57|=1.58|=1.59|=1.60|=1.61|=1.62|=1.63|=1.64|=1.65|=1.65.01|=1.66|=1.67|=1.68|=1.69|=1.70|=1.63|=1.64|=1.65|=1.66|=1.67|=1.68|=1.69|=1.70|=1.71|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.38|=1.43|=1.44|=1.45|=1.46|=1.47|=1.48|=1.49|=1.50|=1.51|=1.53|=1.54|=1.55|=1.56|=1.57|=1.58|=1.59|=1.60|=1.61|=1.62|=1.63|=1.64|=1.65|=1.67|=1.68|=1.69|=1.70|=1.71|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.71|=1.71.1|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.61|=1.62|=1.63|=1.64|=1.65|=1.67|=1.68|=1.69|=1.70|=1.71|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.63|=1.64|=1.65|=1.66|=1.67|=1.68|=1.69|=1.70|=1.71|=1.72|=1.73|=1.74|=1.75|=1.76|=1.77|=1.7.0|=1.8.1|=1.8.2|=1.8.3|=1.8.3.1|=1.8.4|=1.8.5|=1.8.6|=1.8.6.1|=1.8.9|=2.0.0|=2.1.0|=2.1.1|=2.2.0|=2.2.1|=2.3.0","fixed_version":"2.3.1","source":"osv","published_at":"2024-05-14T15:32:54Z","in_kev":false,"epss_prob":0.00102,"epss_percentile":0.2771,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.8.9","total_count":10,"recent":["1.7.0","1.8.1","1.8.2","1.8.3","1.8.3.1","1.8.4","1.8.5","1.8.6","1.8.6.1","1.8.9"]},"metadata":{"deprecated":true,"deprecated_message":"This package is no longer maintainted. Please, use official BouncyCastle.Cryptography package.\nSee https://www.bouncycastle.org/csharp/","maintainers_count":1,"first_published":null,"last_published":"2021-01-05T08:23:30.19+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"find_alternative","issues":["Low health score (11/100)","Package is deprecated"],"use_version":"1.8.9","version_hint":"Update to >= 2.3.1 to fix known vulnerabilities","summary":"BouncyCastle is deprecated — find an alternative"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":624,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"HarfBuzzSharp.NativeAssets.Win32","occurrences":1}],"version_history_summary":{"total_versions":10,"first_release_age_days":null,"last_release_days_ago":1941,"avg_days_between_releases":null,"release_velocity":"stale"}}