The latest Drupal newsletter reported quite a few security advisory updates. These security updates are for the Core and are moderately critical level.
Drupal Vendor library security release came into effect on August 8th according to PSA . The Core update addresses the CKEditor cross-site scripting issue.