CVEs affecting projects tracked on Release Alert, from NVD & OSV.
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.