There is 1 open security issue in buster.
1 issue left for the package maintainer to handle:
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
You can find information about how to handle this issue in the security team's documentation.