As the many responses indicate, you've set the bar way too high here. A more narrow question could be something like:
"Did someone ever find an exploitable bug of the type it was intended to be safe from?" In other words, are there examples of the safety guarantees themselves being exploited?
The answer to this is "of course there have." An entire class of such exploits can be derived from CVE-2009-3869. Java 6 and older did not randomize address space, so any ability to write arbitrary memory was easy to exploit. There are other examples.
"Did someone ever find an exploitable bug of the type it was intended to be safe from?" In other words, are there examples of the safety guarantees themselves being exploited?
The answer to this is "of course there have." An entire class of such exploits can be derived from CVE-2009-3869. Java 6 and older did not randomize address space, so any ability to write arbitrary memory was easy to exploit. There are other examples.