There is 1 open security issue in buster.
1 issue left for the package maintainer to handle:
- CVE-2019-16892 (needs triaging): In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
You can find information about how to handle this issue in the security team's documentation.