At Snyk we decided to make the discussion about validity of such CVEs a bit more public and published a statement in our blog: https://snyk.io/blog/when-is-a-cve-not-a-cve/