(In reply to Jan Engelhardt from comment #4) > Are there some CVE numbers we can present to software projects? To nudge > them... see the initial comment (nokogiri and twitter link) upstream (google) declared the project dead.