CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Insufficient state checks lead to a vector that allows to bypass 2FA checks.