CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.