There are 2 open security issues in bullseye.
2 issues left for the package maintainer to handle:
An issue was discovered in the nix crate before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
You can find information about how to handle these issues in the security team's documentation.