2020-12-19 06:47:22
https://www.bleepingcomputer.com/news/security/bouncy-castle-crypto-authentication-bypass-vulnerability-revealed/ A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked.
Rotonen
2020-12-19 06:48:07
is the quality of the ecosystem like that through the whole stack?
Rotonen
2020-12-19 20:09:13
I haven't had any concerns, but I haven't been looking for cryptographic problems like that
Fireduck
2020-12-19 20:13:38
mostly the quality of review and testing becomes the immediate worry
Rotonen
2020-12-19 20:17:07
yeah
Fireduck