CVEs affecting projects tracked on Release Alert, from NVD & OSV.
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.