CVEs affecting projects tracked on Release Alert, from NVD & OSV.
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.