There are 2 open security issues in buster.
2 issues left for the package maintainer to handle:
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
You can find information about how to handle these issues in the security team's documentation.