off topic?
"open source language" doesn't quite compute here.
Is it an open source language compiler (/interpreter) that you refer to, or a publicly documented language ?
I suspect the first, as vulnerabilities match better to actual software than language features, but you never know :) (Actually i'm not really sure the latter makes even sense here since, isn't every programming language "exploitable" in at least a thousand ways, thus it were not a story...)