I maintained an open-source app for many years. It leveraged a crypto library but allowed for different algos, or none at all for testing.

Some guy wrote a CVE about “when I disable all crypto it doesn’t use crypto”. So there’s that. It’s the only CVE we got before or during my time.

But even we got one.