There is 1 open security issue in buster.
1 issue left for the package maintainer to handle:
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
You can find information about how to handle this issue in the security team's documentation.