Apparently there is a list of vulnerabilities for OpenAPI that this tool checks definitions against, producing a 'score' for each OpenAPI definition. Not sure of the origin of these vulnerabilities -- perhaps the NIST Cybersecurity division.
https://42crunch.com/tutorial-api-security-audit-report/
Some of these include a missing 'pattern' keyword on string types, where at minimum an alphanumeric pattern would be specified.
We have seen the max length ('maxLength') on strings flagged as well.
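As an added example (not from the page above and not 42Crunch's own tooling), here is a small Python checker that walks an OpenAPI document and reports every string schema that lacks 'pattern' or 'maxLength'. The sample OpenAPI document embedded in it is constructed for this example; the extra check for patterns that are not anchored with ^ and $ is my own addition, since an unanchored pattern matches any string that merely contains the expected characters and gives little protection.

```python
"""Report OpenAPI string schemas that have no pattern / maxLength constraint."""
import json
from typing import Any, Iterator

# Constructed sample OpenAPI 3.0 document (not a real API). It mixes
# unconstrained, partially constrained and properly constrained strings.
SAMPLE_SPEC: dict = {
    "openapi": "3.0.3",
    "info": {"title": "Sample", "version": "1.0"},
    "paths": {
        "/users": {
            "post": {
                "requestBody": {
                    "content": {"application/json": {"schema": {"$ref": "#/components/schemas/User"}}}
                },
                "responses": {"200": {"description": "ok"}},
            }
        }
    },
    "components": {
        "schemas": {
            "User": {
                "type": "object",
                "properties": {
                    # weak: no pattern, no maxLength
                    "username": {"type": "string"},
                    # partial: maxLength present, but the pattern is unanchored
                    "email": {"type": "string", "pattern": "[^@]+@[^@]+", "maxLength": 254},
                    # hardened: anchored alphanumeric pattern plus maxLength
                    "handle": {"type": "string", "pattern": "^[A-Za-z0-9_]{1,32}$", "maxLength": 32},
                    # weak string nested inside an array
                    "tags": {"type": "array", "items": {"type": "string"}},
                },
            }
        }
    },
}


def iter_string_schemas(node: Any, path: str = "") -> Iterator[tuple[str, dict]]:
    """Yield (pointer-like path, schema) for every object with "type": "string"."""
    if isinstance(node, dict):
        if node.get("type") == "string":
            yield path, node
        for key, value in node.items():
            yield from iter_string_schemas(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_string_schemas(value, f"{path}/{index}")


def string_schema_issues(schema: dict) -> list[str]:
    """Return the constraint problems of one string schema (empty list if none)."""
    if "enum" in schema:
        return []  # an enum already bounds both content and length
    issues = []
    pattern = schema.get("pattern")
    if pattern is None:
        issues.append("missing pattern")
    elif not (pattern.startswith("^") and pattern.endswith("$")):
        issues.append("unanchored pattern")  # added check, beyond what the page lists
    if "maxLength" not in schema:
        issues.append("missing maxLength")
    return issues


def find_unconstrained_strings(spec: dict) -> list[dict]:
    """Walk a whole OpenAPI document and collect findings per string schema."""
    findings = []
    for path, schema in iter_string_schemas(spec):
        issues = string_schema_issues(schema)
        if issues:
            findings.append({"path": path, "issues": issues})
    return findings


if __name__ == "__main__":
    print(json.dumps(find_unconstrained_strings(SAMPLE_SPEC), indent=2))
```

Run it against a real definition by loading the JSON (or YAML, via PyYAML) into a dict and passing it to find_unconstrained_strings; each finding names the path of the offending schema so the fix can be applied at the right place.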