These are all security issues fixed in the libnghttp2-14-1.43.0-1.6 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "libnghttp2-devel": "1.43.0-1.6", "libnghttp2_asio1": "1.43.0-1.6", "libnghttp2-14": "1.43.0-1.6", "libnghttp2_asio1-32bit": "1.43.0-1.6", "nghttp2": "1.43.0-1.6", "libnghttp2_asio-devel": "1.43.0-1.6", "libnghttp2-14-32bit": "1.43.0-1.6" } ] }