An interesting list of older PGP issues can be found here:
The "Security Considerations" section of the OpenPGP specification RFC 4880 is also interesting:
This list focuses on bugs that stand out and are interesting, though all PGP implementations have of course also had common programming bugs such as typical memory corruptions. To avoid cluttering the list, we list them separately here:
- CVE-2002-0685/PGP: Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In
- CVE-2014-9087/libksba/GnuPG: Integer underflow in the ksba_oid_to_str function in Libksba
- CVE-2015-1606/GnuPG: Invalid read / use after free in keyring parser
- CVE-2015-1607/GnuPG: Invalid read in keyring parser
There are also some miscellaneous bugs in other applications related to the usage of PGP: