CVEs affecting projects tracked on Release Alert, from NVD & OSV.
iTerm2 before 3.4.18 mishandles a DECRQSS response.