
How often have libcurl HTTP or TLS backend bugs resulted in exploited vulnerabilities in the past?


I don't have any data on exploitability, but 19 of the last 22 vulnerabilities (since 2018) have C-induced memory unsafety as a cause: https://curl.haxx.se/docs/security.html


Oh thanks, that at least gives some idea of the potential. I see e.g. "HTTP/2 trailer out-of-bounds read" and "SSL out of buffer access"... I guess there might be some candidates.


If you start from when the Morris worm got released into the UNIX world, there will be plenty to choose from.


Quite a bit broader than "libcurl's HTTP/HTTPS handling", though.

To which it sounds like the answer is nonzero. But significantly smaller than "every C bug since 1988".



