CVE-2021-31879: wget leaks Authorization across origin on redirect

CVE-2018-20483: wget --xattr leaks URL credentials into extended file attributes

CVE-2018-20483: wget --xattr leaks Basic-auth credentials via user.xdg.origin.url

CVE-2018-20483: Information Leak via Extended File Attributes in wget

CVE-2017-13089: wget skip_short_body stack overflow via negative chunked transfer encoding size

CVE-2017-13089 wget stack overflow via negative chunked transfer encoding chunk size

CVE-2024-38428: wget url_skip_credentials semicolon/multi-@ hostname confusion

CVE-2024-38428: GNU Wget url_skip_credentials() treats ';' as userinfo terminator

CVE-2020-15900: Integer overflow (signed left-shift UB) in Ghostscript bitshift PostScript operator

CVE-2020-15900: Ghostscript zbitshift signed integer overflow / UB in PostScript bitshift operator

CVE-2020-15900: Integer Underflow in Ghostscript rsearch Operator

CVE-2024-29510: Ghostscript uniprint device format-string vulnerability

CVE-2023-43115: Ghostscript IJS device SAFER sandbox bypass via path traversal + command injection

CVE-2023-38545: heap buffer overflow in curl SOCKS5 proxy via async state machine socks5_resolve_local bypass

CVE-2023-4911 Looney Tunables: heap overflow in glibc parse_tunables via malformed GLIBC_TUNABLES

CVE-2023-4911 Looney Tunables: heap overflow in glibc parse_tunables

CVE-2014-7169 — incomplete Shellshock fix in bash 4.3-p25 (variables.c initialize_shell_variables -> parse_and_execute)

CVE-2014-7169: Bash Shellshock incomplete fix — command injection via ENV var name metacharacters

CVE-2014-6271 Shellshock: bash parse_and_execute consumes trailing commands after function-definition env import

CVE-2014-6271 Shellshock: Bash command injection via function import from environment variables