CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Subrion CMS 4.1.5 has CSRF in blog/delete/.