The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon (On-site) payment gateway, to correct this you can install the latest version.
The Tagify module security update helps deal access bypass as an attacker with the permission "access content" can view and reference unpublished terms.
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. To correct this install the recent version of Drupal 9.
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. In order to solve that install the latest Drupal 9 versions.
Recent Drupal core security update for information disclosure was released this week. To solve this issue you need to use the updated version of Drupal 7, 8 and 9.
This security advisory corresponds to a 3rd party vulnerability. The solution is to install the latest version (8.x-2.6) of this module and update dompdf/dompdf at the same time.
The module does not sufficiently filter user-provided text on output, resulting in a Cross-Site Scripting (XSS) vulnerability. The solution is to use the latest updated version.
The module doesn't sufficiently check access for the edit and delete operations. Users with "access content" permission can edit or delete any term. To solve this issue use the latest version.