CVEs affecting projects tracked on Release Alert, from NVD & OSV.
mutt before 2.3.2 does not check for '\0' in url_pct_decode.