CVEs affecting projects tracked on Release Alert, from NVD & OSV.
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking