CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.