CVEs affecting projects tracked on Release Alert, from NVD & OSV.
In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.