Author used CodeQL to rediscover a CVE in JSC that was exploited by Pwn2Own in 2018. Very interesting. I guess now with increasing automation we'll see more CVE discovery through such tools.