Almost all of them? as I recall there was a single volunteer developer maintaining the xml/xslt libraries they were using.

Wasn't it similar with openssl 13+ years ago? Few volunteer maintainers, and only after a couple of major vulnerabilities money got thrown at that project?

I'm sure there's more and that's why the famous xkcd comic is always of relevance.