Also, sometimes CVEs aren't really significant security issues. See: curl