CVEs affecting projects tracked on Release Alert, from NVD & OSV.
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.