CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Adminer through 4.3.1 has SSRF via the server parameter.