CVEs affecting projects tracked on Release Alert, from NVD & OSV.
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.