CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.