CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.