de0u So far, everything contains bugs... that includes language runtimes (such as the JVM used to run Java and Kotlin), and also lots of library code that is used by programs written in safe languages (such as image processing).
The notion that memory-safe languages are a magic wand is probably 30 to 40 years old, but if we get there it won't be for at least 10 more.
Yes, but this other bugs are not in the scope of memory allocation and tagging as far as I know.
It mainly focuses on buffer overflows and use-after-free vulnerabilities which only really happen in C, C++ and C#, not in for example Kotlin