CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.