CVEs affecting projects tracked on Release Alert, from NVD & OSV.
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.