As I said above, CVE listings are a useless metric for measuring safety of a product. High # of CVEs can easily indicate a safer product with a more mature bug bounty program or an attitude of "Assume it's vulnerable, don't require full exploits to prove it".
There is no good information to be drawn from those two links.
