Simply put, a vulnerability is code that allows someone outside the system to do things they are not supposed to do. It still can work just fine in normal use cases, but if someone calls it the right way, they are able to:

* crash the system
* slow down the system
* run code the designer didn’t intend
* manipulate data inside the system
* access operating system level functions

This is very bad when it happens to your code. It’s worse when the vulnerability is in a shared library that is used in a lot of systems.