Question about the nightly security scan email

My NextCloudPi 18 generates a security scan email at 2 AM every day. The subject line of the email is "Debian security status of " and the body starts with

Security report based on the buster release

*** New security updates

CVE-2018-12207 Improper invalidation for page table updates by a…
https://security-tracker.debian.org/tracker/CVE-2018-12207

  • linux-libc-dev

CVE-2018-20836 An issue was discovered in the Linux kernel before…
https://security-tracker.debian.org/tracker/CVE-2018-20836

  • linux-libc-dev

CVE-2018-20852 http.cookiejar.DefaultPolicy.domain_return_ok in…
https://security-tracker.debian.org/tracker/CVE-2018-20852

  • libpython2.7, libpython2.7-minimal, libpython2.7-stdlib, python2.7,
    python2.7-minimal

CVE-2018-21029 ** DISPUTED ** systemd 239 through 244 accepts any…
https://security-tracker.debian.org/tracker/CVE-2018-21029

  • libpam-systemd, libsystemd0, libudev1, systemd, systemd-sysv, udev
    (low urgency)

CVE-2019-0136 Insufficient access control in the Intel®…
https://security-tracker.debian.org/tracker/CVE-2019-0136

  • linux-libc-dev

CVE-2019-0154 Insufficient access control in subsystem for Intel…
https://security-tracker.debian.org/tracker/CVE-2019-0154

  • linux-libc-dev

The questions I have are:

  1. Are these critical issues?
  2. Can I do something to eliminate them?
  3. If not, how can I disable the email from being generated?