CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.