TL;DR: someone reported a security issue for DVWA (for those that do not know what it is: the only role of DVWA is to intentionally implement vulnerabilities for learning purposes; it is never employed for delivering services or functionality to end users). It seems it's disputed: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-39848" rel="nofollow noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2023-39848</a>