CVEs affecting projects tracked on Release Alert, from NVD & OSV.
salt before 2015.5.5 leaks git usernames and passwords to the log.