Trail of bits completed a full code audit last year. Malicious or just poor code can still get added in after that but one would hope that security focussed maintainers would have their eye on this sort of thing.