Here's an example:
https://www.reddit.com/r/debian/comments/pgv3wc/debian_chromium_package_has_many_security_issues/
Being able to run a distribution on multiple machines does not mean it is free of vulnerabilities. You'd only know if you're checking CVEs for each package you use.