There is 1 open security issue in buster.
1 issue left for the package maintainer to handle:
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
You can find information about how to handle this issue in the security team's documentation.