Are Unnecessary Vulnerabilities Polluting Your Software Supply Chain?