Description
X.Org Security Advisory: Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4
CVE-2024-9632: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
The announcement linked above has a link to the commit that fixed it.
I see the affected code for it in nx-libs but it's not identical.
X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5
CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (Introduced in xorg-server-1.7.0 2009)
CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (Introduced in xorg-server-1.7.0 2009)
CVE-2024-31083: Use-after-free in ProcRenderAddGlyphs (Introduced in X11R6-7 2004)
The announcement linked above has links to the commits that fixed them.
I don't see the affected code for the first two in nx-libs, so maybe it's immune or maybe the code is just in different places.
I see the affected code for the last one but it's not identical. Also, apparently that one was tricky - upstream took two tries.
The announcement also lists CVE-2024-31082 introduced in xorg-server-1.12.0 so I don't think that would be here.