A Drupal security advisory was announced against a moderately critical XSS vulnerability (SA-CONTRIB-2022-004) in the vendor library, jQuery UI, on January 19th, 2022
Drupal security team announced a moderately critical access bypass vulnerability SA-CONTRIB-2022-002 in Simple OAuth (OAuth2) & OpenID Connect on 2022, January 5th.
The Drupal security team has announced a critical access bypass vulnerability SA-CONTRIB-2022-001 in the Super Login module in Drupal 8, posted on 2022, January 5th.
CKEditor has released a security update SA- Core-2021-011 that impacts Drupal. The issue, dated November 17, 2021, is classified as a moderately critical cross-site scripting (XSS) vulnerability.
The latest Drupal newsletter reported quite a few security advisory updates. These security updates are for the Core and are moderately critical level.
Drupal Vendor library security release came into effect on August 8th according to PSA . The Core update addresses the CKEditor cross-site scripting issue.