CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.