A backdoor in XZ Utils, after state sponsored actors pressured the XZ maintainers to allow them to be maintainers aswell. They introduced their own backdoor into this software.
It was discovered after Andreas Freund found his unzipping to be 3s too long.
Rating
This had a CVE rating of 10