CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.