obra’s Twitter Archive—№ 11,679

Classy. Find a "vulnerability" in a package based on an automated tool run. Never check for a false positive. Publish advisory. Get CVE.