CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components.