It would be nice if apk exposed information about fixed CVEs in a package upgrade so that users could better gauge how important an upgrade is (and users of libapk can set the urgency of an upgrade, e.g. to underline it with red colour to show the upgrade is security relevant).