Recent Drupal core security update for information disclosure was released this week. To solve this issue you need to use the updated version of Drupal 7, 8 and 9.
This security advisory corresponds to a 3rd party vulnerability. The solution is to install the latest version (8.x-2.6) of this module and update dompdf/dompdf at the same time.
The module does not sufficiently filter user-provided text on output, resulting in a Cross-Site Scripting (XSS) vulnerability. The solution is to use the latest updated version.
The module doesn't sufficiently check access for the edit and delete operations. Users with "access content" permission can edit or delete any term. To solve this issue use the latest version.
The Drupal Security team announced on March 23rd, 2022 the moderately critical Privilege escalation vulnerability in the Role Delegation project according to the Security advisory SA-CONTRIB-2022-031.
The Drupal Security team announced the Colorbox Node project as unsupported on March 23rd, 2022, and therefore the vulnerability that was detected as critical according to the Security advisory SA-CONTRIB-2022-030