CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.