diff --git a/packages/openscad/CVE-2020-28599.patch b/packages/openscad/CVE-2020-28599.patch
new file mode 100644
index 0000000000..26597e9b26
--- /dev/null
+++ b/packages/openscad/CVE-2020-28599.patch
@@ -0,0 +1,62 @@
+https://src.fedoraproject.org/rpms/openscad/c/d6b5571d1bb9533e77463d09b017d1903504c4a9
+https://github.com/openscad/openscad/commit/f6451264c04ab5fd1f3c544486c5dbe3e63e9536
+
+--- a/src/import_stl.cc
++++ b/src/import_stl.cc
+@@ -88,12 +88,17 @@ PolySet *import_stl(const std::string &filename, const Location &loc)
+ f.read(data, 5);
+ if (!binary && !f.eof() && f.good() && !memcmp(data, "solid", 5)) {
+ int i = 0;
++ int lineno = 1;
+ double vdata[3][3];
+ std::string line;
+ std::getline(f, line);
+ while (!f.eof()) {
++ lineno++;
+ std::getline(f, line);
+ boost::trim(line);
++ if (line.length() == 0) {
++ continue;
++ }
+ if (boost::regex_search(line, ex_sfe)) {
+ continue;
+ }
+@@ -101,23 +106,27 @@ PolySet *import_stl(const std::string &filename, const Location &loc)
+ i = 0;
+ continue;
+ }
++ if (i >= 3) {
++ PRINTB("ERROR: STL line %1$s, extra vertex line '%2$s' importing file '%3$s'", lineno % line % filename);
++ delete p;
++ return new PolySet(3);
++ }
+ boost::smatch results;
+ if (boost::regex_search(line, results, ex_vertices)) {
+ try {
+ for (int v=0;v<3;v++) {
+ vdata[i][v] = boost::lexical_cast(results[v+1]);
+ }
+- }
+- catch (const boost::bad_lexical_cast &blc) {
+- PRINTB("WARNING: Can't parse vertex line '%s', import() at line %d", line % loc.firstLine());
+- i = 10;
+- continue;
+- }
+- if (++i == 3) {
+- p->append_poly();
+- p->append_vertex(vdata[0][0], vdata[0][1], vdata[0][2]);
+- p->append_vertex(vdata[1][0], vdata[1][1], vdata[1][2]);
+- p->append_vertex(vdata[2][0], vdata[2][1], vdata[2][2]);
++ if (++i == 3) {
++ p->append_poly();
++ p->append_vertex(vdata[0][0], vdata[0][1], vdata[0][2]);
++ p->append_vertex(vdata[1][0], vdata[1][1], vdata[1][2]);
++ p->append_vertex(vdata[2][0], vdata[2][1], vdata[2][2]);
++ }
++ } catch (const boost::bad_lexical_cast& blc) {
++ PRINTB("ERROR: STL line %1$s, can't parse vertex line '%2$s' importing file '%3$s'", lineno % line % filename);
++ delete p;
++ return new PolySet(3);
+ }
+ }
+ }
diff --git a/packages/openscad/CVE-2022-0496.patch b/packages/openscad/CVE-2022-0496.patch
new file mode 100644
index 0000000000..7a4e740c0b
--- /dev/null
+++ b/packages/openscad/CVE-2022-0496.patch
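Review bot: The new `if (i >= 3)` guard in the second inner hunk is what keeps `vdata[i][v]` inside the 3x3 array, but nothing in the patched code says so; a comment above it such as `// vdata has three rows: refuse a fourth vertex before i is reset to 0` would keep the check from being moved or dropped later. The guard also sits before the `ex_vertices` match, so any line that reaches it after the third vertex is reported as an "extra vertex line" and aborts the import, whether or not it is a vertex line; that looks stricter than the message implies, though the patterns that `continue` earlier are defined outside the hunk. Both error paths repeat `delete p; return new PolySet(3);`, and import_stl's body begins and ends outside the inner hunks.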
@@ -0,0 +1,62 @@
+https://github.com/openscad/openscad/commit/00a4692989c4e2f191525f73f24ad8727bacdf41
+
+--- a/src/dxfdata.cc
++++ b/src/dxfdata.cc
+@@ -441,6 +441,11 @@ DxfData::DxfData(double fn, double fs, double fa,
+ auto lv = grid.data(this->points[lines[idx].idx[j]][0], this->points[lines[idx].idx[j]][1]);
+ for (size_t ki = 0; ki < lv.size(); ++ki) {
+ int k = lv.at(ki);
++ if (k < 0 || k >= lines.size()) {
++ PRINTB("WARNING: Bad DXF line index in %1$s.",
++ QuotedString(boostfs_uncomplete(filename, fs::current_path()).generic_string()));
++ continue;
++ }
+ if (k == idx || lines[k].disabled) continue;
+ goto next_open_path_j;
+ }
+@@ -466,13 +471,20 @@ DxfData::DxfData(double fn, double fs, double fa,
+ auto lv = grid.data(ref_point[0], ref_point[1]);
+ for (size_t ki = 0; ki < lv.size(); ++ki) {
+ int k = lv.at(ki);
++ if (k < 0 || k >= lines.size()) {
++ PRINTB("WARNING: Bad DXF line index in %1$s.",
++ QuotedString(boostfs_uncomplete(filename, fs::current_path()).generic_string()));
++ continue;
++ }
+ if (lines[k].disabled) continue;
+- if (grid.eq(ref_point[0], ref_point[1], this->points[lines[k].idx[0]][0], this->points[lines[k].idx[0]][1])) {
++ auto idk0 = lines[k].idx[0]; // make it easier to read and debug
++ auto idk1 = lines[k].idx[1];
++ if (grid.eq(ref_point[0], ref_point[1], this->points[idk0][0], this->points[idk0][1])) {
+ current_line = k;
+ current_point = 0;
+ goto found_next_line_in_open_path;
+ }
+- if (grid.eq(ref_point[0], ref_point[1], this->points[lines[k].idx[1]][0], this->points[lines[k].idx[1]][1])) {
++ if (grid.eq(ref_point[0], ref_point[1], this->points[idk1][0], this->points[idk1][1])) {
+ current_line = k;
+ current_point = 1;
+ goto found_next_line_in_open_path;
+@@ -501,13 +513,20 @@ DxfData::DxfData(double fn, double fs, double fa,
+ auto lv = grid.data(ref_point[0], ref_point[1]);
+ for (size_t ki = 0; ki < lv.size(); ++ki) {
+ int k = lv.at(ki);
++ if (k < 0 || k >= lines.size()) {
++ PRINTB("WARNING: Bad DXF line
index in %1$s.",
++ QuotedString(boostfs_uncomplete(filename, fs::current_path()).generic_string()));
++ continue;
++ }
+ if (lines[k].disabled) continue;
+- if (grid.eq(ref_point[0], ref_point[1], this->points[lines[k].idx[0]][0], this->points[lines[k].idx[0]][1])) {
++ auto idk0 = lines[k].idx[0]; // make it easier to read and debug
++ auto idk1 = lines[k].idx[1];
++ if (grid.eq(ref_point[0], ref_point[1], this->points[idk0][0], this->points[idk0][1])) {
+ current_line = k;
+ current_point = 0;
+ goto found_next_line_in_closed_path;
+ }
+- if (grid.eq(ref_point[0], ref_point[1], this->points[lines[k].idx[1]][0], this->points[lines[k].idx[1]][1])) {
++ if (grid.eq(ref_point[0], ref_point[1], this->points[idk1][0], this->points[idk1][1])) {
+ current_line = k;
+ current_point = 1;
+ goto found_next_line_in_closed_path;
diff --git a/packages/openscad/CVE-2022-0497.patch b/packages/openscad/CVE-2022-0497.patch
new file mode 100644
index 0000000000..4fb0d2118a
--- /dev/null
+++ b/packages/openscad/CVE-2022-0497.patch
@@ -0,0 +1,13 @@
+https://github.com/openscad/openscad/commit/78a82cf31767bda6969d8ea2eb851dc24c12b4b0
+
+--- a/src/comment.cc
++++ b/src/comment.cpp
+@@ -92,7 +92,7 @@ static std::string getComment(const std::string &fulltext, int line)
+ }
+
+ int end = start + 1;
+- while (fulltext[end] != '\n') end++;
++ while (end < fulltext.size() && fulltext[end] != '\n') end++;
+
+ std::string comment = fulltext.substr(start, end - start);
+
diff --git a/packages/openscad/build.sh b/packages/openscad/build.sh
index c4c32960a1..e5335b7c81 100644
--- a/packages/openscad/build.sh
+++ b/packages/openscad/build.sh
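Review bot: The added bounds check `k >= lines.size()` compares a signed `int` with an unsigned size in all three inner hunks, so it is only correct because the `k < 0` test comes first, and it will trip sign-compare warnings; `if (k < 0 || static_cast<size_t>(k) >= lines.size())` states the intent. The same comparison shape appears in the CVE-2022-0497 patch that follows (`end < fulltext.size()`, with `end` declared `int`). The guard validates `k` only: `idk0` and `idk1` are then used to index `this->points` unchecked, which is safe only if every `lines[k].idx` entry is guaranteed in range where the lines are built, outside these hunks. The five-line check is repeated verbatim three times, and the DxfData constructor begins and ends outside the hunks.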
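Review bot: The inner headers of the CVE-2022-0497 patch name two different files, `--- a/src/comment.cc` and `+++ b/src/comment.cpp`, although the change is an in-place edit, so the patch tool has to guess which file to open. Both headers should name the file that exists in the 2019.05 tarball, presumably `--- a/src/comment.cpp`; the page does not show which name the tarball uses. getComment's body starts and ends outside the inner hunk.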
@@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="The programmers solid 3D CAD modeller (headless build)"
 TERMUX_PKG_LICENSE="GPL-2.0"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION=2019.05
-TERMUX_PKG_REVISION=9
+TERMUX_PKG_REVISION=10
 TERMUX_PKG_SRCURL=https://files.openscad.org/openscad-$TERMUX_PKG_VERSION.src.tar.gz
 TERMUX_PKG_SHA256=0a16c4263ce52380819dd91c609a719d38f12f6b8c4da0e828dcbe5b70996f59
 TERMUX_PKG_DEPENDS="boost, double-conversion, fontconfig, freetype, glib, harfbuzz, libc++, libgmp, libmpfr, libxml2, libzip"