Is BouncyCastle safe to use?

BouncyCastle has 3 known vulnerabilities on the latest version (1.8.9). DepScope rates its health at 11/100 (critical risk).

What is the latest version of BouncyCastle?

The latest version of BouncyCastle is 1.8.9, released 2021-01-05.

Does BouncyCastle have known vulnerabilities?

Yes. BouncyCastle has 3 known vulnerabilities. See depscope.dev/pkg/nuget/BouncyCastle for details.

Is BouncyCastle deprecated?

Yes, BouncyCastle is deprecated: This package is no longer maintainted. Please, use official BouncyCastle.Cryptography package. See https://www.bouncycastle.org/csharp/

What are alternatives to BouncyCastle?

DepScope has no curated alternatives for BouncyCastle at this time.

What license does BouncyCastle use?

License information for BouncyCastle is not declared in the registry metadata.

BouncyCastle

nugetv1.8.9deprecated

The Bouncy Castle Crypto package is a C# implementation of cryptographic algorithms and protocols, it was developed by the Legion of the Bouncy Castle, a registered Australian Charity, with a little help! The Legion, and the latest goings on with this package, can be found at [http://www.bouncycastle.org](http://www.bouncycastle.org). In addition to providing basic cryptography algorithms, the package also provides support for CMS, TSP, X.509 certificate generation and a variety of other standar

10 versions1 maintainers0 deps401,946 weekly dl

http://www.bouncycastle.org/csharp/

/ 100

Health

find alternative

BouncyCastle is deprecated — find an alternative

Update to >= 2.3.1 to fix known vulnerabilities

Low health score (11/100)
Package is deprecated

Health breakdown0 – 100

0/25

maintenance

14/20

popularity

19/25

security

6/15

maturity

2/15

community

Vulnerabilities

3 medium

Advisories (3)

Severity	ID	Summary	Fixed in
medium	CVE-2024-29857	Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.	2.3.1
medium	CVE-2024-30172	Bouncy Castle crafted signature and public key can be used to trigger an infinite loop	2.3.1
medium	CVE-2024-30171	Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")	2.3.1

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/nuget/BouncyCastle

Last updated · 2021-01-05T08:23:30.19+00:00