CVEs affecting projects tracked on Release Alert, from NVD & OSV.
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.