Meta disclosed a high-priority remote code execution vulnerability in freetype earlier this week, CVE-2025-27363. Patches are available for testing in #AlmaLinux
https://almalinux.org/blog/2025-03-13-cve-2025-27363-patches/
PRs are open against CentOS Stream 8 and 9, but unmerged at this time.