Surely they did happen, a tiny set, meanwhile the C flaws that allowed the Morris worm to happen 30 years ago, are still present in C11 being written today.
I use OpenBSD, other OS'es focusing on performance over security doesn't interest me. Except 9front, but because of the huge networked grid as a bare computer.
But in OpenBSD even plan9port compiled software is done with Retguard:
I advise you to watch the CCC talk about validation of OpenBSD exploit mitigation features.
Yes, it is great that OpenBSD values security over performance, but as the talk shows, not every security feature is as secure in practice as OpenBSD sells it.