@bagder I've called out a few bogus CVEs like this. There was one where after it was closed and rejected, it was filed AGAIN when the version bumped on GitHub. Article:
https://hackaday.com/2023/07/07/this-week-in-security-bogus-cves-bogus-pocs-and-maybe-a-bogus-breach/