CVEs affecting projects tracked on Release Alert, from NVD & OSV.
ClamAV before 0.97.7 has buffer overflow in the libclamav component