CVEs affecting projects tracked on Release Alert, from NVD & OSV.
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.