There are 3 open security issues in buster.
3 issues left for the package maintainer to handle:
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
You can find information about how to handle these issues in the security team's documentation.