
Which two?



All three have had flaws of one sort or another discovered since 2005 (TLS has had several; OpenSSH had the Debian keygen thing and an SSHv1 vulnerability, and possibly others; GPG apparently had a couple of problems back in 2006).

TLS has definitely had more severe issues, but then, it's also the most widely deployed (so undiscovered flaws are more likely to be discovered). On the other hand, it's also solving the most complicated problem of the three.


The number and nature of the flaws in TLS actually give me more confidence in it. It's not that other systems don't have similar or worse flaws; it's that these kinds of flaws are a cast iron bitch to find, and TLS is the protocol with the maximum incentive for study.

Give it time; we'll find something horrible out about ISAKMP.



