Because you don't report and open the CVE, not because it isn't a security issue :)