by formerly_proven 1544 days ago
Java certainly has a long history of RCEs caused by Java Serialization.

Comparing Java Serialization with $language Serialization, and the usage of both of the languages, does Java have more RCEs per line written than $language? Or is it just a function of its popularity?
The Java ecosystem has a frustrating habit of solving problems with Java's lack of expressiveness with layers of expression and templating languages, and has had some nasty RCEs as a result. (see: OGNL, FreeMarker)

I don't know if it's better or worse than other languages but let's not pretend it's not a problem.
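The Java Serialization RCE pattern the thread refers to (the original post and the OGNL/FreeMarker reply above), shown as an added example that is not from the thread or any of the commenters. The risky call is `ObjectInputStream.readObject()` on bytes an attacker controls: the stream names the classes to instantiate, and their `readObject`/`readResolve` logic runs before the caller's cast is ever checked. The hardened form uses the JDK's own `ObjectInputFilter` (JEP 290, Java 9+) to allowlist the classes the stream may resolve. The class names `DeserializationDemo` and `Greeting`, and the `HashMap` standing in for an unexpected type, are assumptions made for the example; the gadget chains that turn an unexpected class into code execution are not shown.

```java
import java.io.*;
import java.util.*;

// Added example, not code from the HN thread: unsafe vs. filtered deserialization.
public class DeserializationDemo {

    // Assumed legitimate payload type for this example.
    public static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // The risky pattern: whatever class the stream names is resolved and its
    // deserialization hooks run. A cast after readObject() is too late.
    static Object unsafeDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened: an ObjectInputFilter allowlists the expected classes and caps
    // graph depth, reference count and size. "!*" rejects everything else
    // before the class is loaded, so gadget-chain entry points never resolve.
    static Object filteredDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=100;maxbytes=4096;"
            + DeserializationDemo.class.getName() + "$Greeting;java.lang.String;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Greeting("hello"));
        // Constructed input: a stream carrying a class this endpoint never meant
        // to accept. HashMap is benign here; it stands in for a gadget-chain root.
        byte[] unexpected = serialize(new HashMap<>(Map.of("k", "v")));

        System.out.println("unsafe, expected type:   " + unsafeDeserialize(expected).getClass());
        System.out.println("unsafe, unexpected type: " + unsafeDeserialize(unexpected).getClass());
        System.out.println("filtered, expected type: " + filteredDeserialize(expected).getClass());
        try {
            filteredDeserialize(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected type rejected: " + e.getMessage());
        }
    }
}
```

The unsafe path happily returns a `HashMap` where a `Greeting` was expected; the filtered path throws `InvalidClassException` as soon as the stream names a class outside the allowlist. The same pattern syntax can be applied process-wide with the `jdk.serialFilter` system property, which is the practical fix when the `readObject()` call sits inside a library you do not control.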