Are you a developing NuGet packages? Good. Me too. We developers all make mistakes from time to time. And the problem is, some of those mistakes become vulnerabilities. Now the problem is, how will the users of your library know?
The last item on the OWASP Top 10 is A10 - Unvalidated Redirects and Forwards.
The 9th item on the OWASP Top 10 is A9 - Insufficient Transport Layer Protection. This is mostly a browser to server and server to server issue.