There are 2 open security issues in buster.
2 issues left for the package maintainer to handle:
Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
You can find information about how to handle these issues in the security team's documentation.