Every CVE whose affected-product data names Koji Project Koji, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2018-1002150 — CVSS 9.1 (critical): Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write…
CVE-2017-1002153 — CVSS 7.5 (high): Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.