CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Adminer through 4.7.8 allows XSS via the history parameter to the default URI.