Only links that you have access to visit should be displayed
Links you cannot access are displayed, but if you click them, you get an access denied message.
\Drupal\system\Controller\SystemController::overview does include a check that should prevent this - the commit message references #1805054: Cache localized, access filtered, URL resolved, and rendered menu trees β
Closed: cannot reproduce
9.5
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.