Vulnerabilities in OSS are fixed over time. They are fixed by people running the code and contributing back, by fuzzing efforts, by testing a release candidate.
The difference between OSS and closed source is not the number of reviewers for the initial commit, it's the number of reviewers over years of usage.
The difference between OSS and closed source is not the number of reviewers for the initial commit, it's the number of reviewers over years of usage.