rm will unapologetically delete files instead of using the "trash bin" semantics that many people are used to. Some would define that as "faulty", and it can certainly cause "harm" (a "rm fuckup" is almost a rite of passage).
You can find many such almost banal examples, ranging from well-known tools to some project a student uploaded on GitHub that sees basically 0 traffic. Opening up Open Office to a lawsuit also means opening up countless GitHub projects from 15-year olds riddled with SQL injections and the like, but also things I put on my GitHub five years ago and don't really care about. Ignoring a PR would mean risking a lawsuit.
Plus, do we really want government involved in telling us what software we can and can't put on the internet? Because that's what this would mean.
"They should be sued for distributing outdated insecure software" is a fun one-liner, but the ramifications if it would actually happen are huge and almost entirely negative for the Open Source world.
I think you’d have at the very very least specify an actual harm against you, and even then you’d likely be told immediately that they have no obligation to provide anything given there’s no support contract.
Sue them... for what? What do you plan to put in your paperwork? What are you going to say to the judge?