Cryptographic vulnerabilities with a "low" or "informational" severity are like tiny pebbles in your shoe, you know they're in there but why take them out if you can still walk?
Take care of them before they cause major discomfort!
@cryptopote explains why here:

https://blog.quarkslab.com/non-compliant-crypto.html