CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.