Yes, but not nearly to the same extent. The GPG vulns are staggering in comparison.

All software has bugs. But having a small purpose-built program do one thing well is much smaller attack surface. The Unix philosophy also makes a pretty good security argument.