cUrl as a project has a lot of conceptual attack surface for someone looking to find _anything_.

It is large, very popular (hence impact) and written in C. It supports many many many protocols with all of their real-world implementation quirks. Obscure or mainstream. And always handling user-controlled data.

If your motivation is a cool CVE for your CV, you'd pick such a project as the target of your efforts.