CVEs affecting projects tracked on Release Alert, from NVD & OSV.
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.