There is 1 open security issue in bullseye.
1 issue left for the package maintainer to handle:
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.
You can find information about how to handle this issue in the security team's documentation.