Debian’s contrib repo, which is the equivalent of Ubuntu’s universe repo, doesn’t get security updates from the Debian security team, as it’s not considered an official part of Debian. Package maintianers have to provide security updates. www.debian.org/security/faq#contrib
The difference is that Ubuntu provide paid support for contrib packages, including patches. Debian doesn’t have any official paid support options.