That the link to Julia Reda's mentioned bug bounty program, which caused all these new reportings: https://juliareda.eu/2018/12/eu-fossa-bug-bounties/

eg glibc got a payout of 45.000 which means 4 exceptional risk bugs and 1 critical. https://www.intigriti.com/public/project/glibc/glibc

I find that quite disturbing.