imo curl is quite well maintained.
there are a lot of sloppy projects out there and tools like this shows whos been swimming with their pants down.
not saying any project with vulnerabilities are sloppy but when costs of finding bugs and vulnerabilities decrease significantly, they will get exposed with enough time and tokens ($)