CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.