Here are a couple of more recent RCE's:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2521... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625

There are numerous DoS CVE's over the same time period.

SPNEGO, (and GSS-API) used by less than 1% of the Bind users (by observatory) and exploitable if configured as enabled that the entire code segment got removed by the maintainer from its code permanently.

The rest is pretty solid and well tested.