CVEs affecting projects tracked on Release Alert, from NVD & OSV.
The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.