CVE-2016-6321: Path Traversal in tar --strip-components
CVE-2022-48303: tar from_header() base-256 decoder off-by-one heap over-read
CVE-2019-5953: wget 1.20.1 heap buffer overflow in reencode_escapes() URL handling
CVE-2017-13089: wget skip_short_body stack overflow via negative chunked transfer encoding size
CVE-2017-13089: Stack overflow in wget HTTP chunked transfer encoding parsing
CVE-2024-38428: GNU Wget url_skip_credentials() treats ';' as userinfo terminator
CVE-2020-15900: Integer Underflow in Ghostscript rsearch Operator
CVE-2023-36664: Command Injection in Ghostscript Pipe Device
CVE-2023-43115: Ghostscript IJS device SAFER sandbox bypass via path traversal + command injection
CVE-2023-38545: heap buffer overflow in curl SOCKS5 proxy via async state machine socks5_resolve_local bypass
CVE-2023-38545: Heap overflow in curl SOCKS5 proxy response handling
CVE-2023-4911 Looney Tunables: heap overflow in glibc parse_tunables via malformed GLIBC_TUNABLES
CVE-2023-4911 Looney Tunables: heap overflow in glibc parse_tunables
CVE-2014-7169: Bash Shellshock incomplete fix — command injection via ENV var name metacharacters
CVE-2014-7169: Bash Shellshock Secondary Injection via Function Definition Names
CVE-2014-6271 Shellshock: bash parse_and_execute consumes trailing commands after function-definition env import
CVE-2014-6271 (Shellshock): Command Injection via Function Definition Environment Variables in Bash 4.3
CVE-2014-6271 Shellshock: Bash command injection via function import from environment variables
CVE-2023-43115: Ghostscript IJS device path-traversal/sandbox-escape via subprocess file delegation