by bhaak 2287 days ago
Most of those security bugs have been found by using http://lcamtuf.coredump.cx/afl/ for fuzzing the config parser of NetHack.

Also read the hilarious account of how neglecting the integer range of parsing a number led to a config that gives you an almost invincible character from the start:

https://dpmendenhall.blogspot.com/2020/03/nethack-366-or-how...

4 comments

The great thing about NetHack is that even a +127 cloak of magic resistance still won’t protect you from cockatrice stoning, disease from major demons, choking on food, drowning, nymphs stealing the cloak, poisoning, starvation, drawbridges, disintegration, brainlessness due to mind flayers, angry gods, or level drain.

In short, there’s plenty of ways to die in NetHack!

Also, be aware that today happens to be Friday the 13th, which will make your luck decrease by 1 and increase the difficulty a little bit ;p

One of the things I love about nethack is that these things effectively amount to magic. Arcane knowledge of how the (virtual) works underneath beneath that which is (virtually) physical allows you to manipulate the world in strange ways that seem logically impossible. Nethack developers are among the few who can claim that a bug is a feature and be half-serious about it :-).

> First, I made the PIC global offset table (GOT) writable by disabling PIE on the link line (-no-pie).

Wait, what?

The C programming language strikes again.