Bugs are only made public when developers find out about them then fix them. Many exploits simply die to code churn rather than developers actually fixing what they understand to be a vulnerability.

I have no horse in this race, but I don't think you should assume you have all the information.