CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.