CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.