web/security: add CVEs for current releases