CVEs affecting projects tracked on Release Alert, from NVD & OSV.
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).