CVEs affecting projects tracked on Release Alert, from NVD & OSV.
A clickjacking vulnerability was found in Limesurvey before 3.17.14.