CVEs affecting projects tracked on Release Alert, from NVD & OSV.
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.