scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
https://www.debian.org/security/2020/dsa-4756
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00076.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00064.html