We have previously looked at https://wp-umbrella.canny.io/features-request/p/correct-the-missleading-your-php-version-is-outdated - which in my opinion still is a bit problematic.

Then we also have this one about the mails sent for plugin "vulnerability": https://wp-umbrella.canny.io/features-request/p/plugin-vulnerability-priority

Taking that further we now have a "big read flag" in WP-Umbrella about "Perfect Brands WooCommerce", with a scary 85 (8.5) rating. But when you follow the link on it to Patchstach, they have a totally different story to tell, it has so low priority that they don't even care to patch it, as it is unlikely to be exploited.

Continuing this way, people will probably start ignoring your "red flags", just as in the story "The Boy Who Cried Wolf".

So, if you're using the general score from Patchstack, consider changing that into rater use their actual priority, which in this case is LOW. And also stop flagging low priority "issues" with red etc., rather use traffic lights.

Just my 5 cents...