CVEs affecting projects tracked on Release Alert, from NVD & OSV.
mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.