CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.