You probably don't need an LLM to find vulnerabilities in software written like this. It took me a few minutes with GitHub in a web browser, but I'm sure you could make some headway with semgrep if you were bold enough.

Lol no need for LLM. This kind of problems can be caught straight by C compiler itself with -Wall or equivalent switch. Plus there are plenty of static code analyzers. Clearly no one cares here.

First, can you point to examples where using LLMs to find vulnerabilities works?