jsmith99 6 hours ago

Is the lack of CVE because the implementations you wrote are better written and safer than those in the standard libraries or because no one has checked?

foldr 6 hours ago | parent [-]

Presumably the latter. However, mindlessly bumping package versions to fix bullshit security vulnerabilities is now industry standard practice. Once your client/company reaches a certain size, you will pretty much have to do it to satisfy the demands of some sort of security/compliance jarl.

consp 2 hours ago | parent [-]

And yet npm install [package with 1000 recursive dependencies] is not considered a supply chain risk at all to those security/compliance jarls.

Let alone having to check all licenses...