Please see

    http://bugs.gnupg.org/

for a list of known bugs in GnuPG.  We don't distribute this list with
the package any longer because a more current one with notes in which
version the bug is fixed can be found online.

For security related bugs, please contact <security@gnupg.org> which
directs mails only to the core developers.  If you need to encrypt the
report you should use the public keys of the maintainer and of 2 or 3
other active developers (consult the ChangeLog and AUTHORS).