If you can deal with known vulnerabilities and cross-reference all of Apple's CVE notes, more power to you. I can't say I have that much free time (Liquid Glass sucks, though).
I never suggested that. But Apple itself prioritizes patches by severity when deciding what to backport.
Some issues are so severe that Apple occasionally releases a new security update for previous OS versions that no longer receive security updates otherwise.
A lot of issues are merely privilege escalation, which is not necessarily a big problem on a personal computer.
