CVEs affecting projects tracked on Release Alert, from NVD & OSV.
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.