CVE-2021-46322: Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.
Planned for 3.x. I don't know if 2.x is even vulnerable, or if this is just referring to a prerelease.
Looks like a fix was merged upstream for 2.7.0: https://github.com/svaarala/duktape/commit/a851d8a5687356b1d6ad0f8f39d6226947f17b27