CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.