These are all security issues fixed in the flatpak-1.12.4-1.1 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "flatpak-devel": "1.12.4-1.1", "typelib-1_0-Flatpak-1_0": "1.12.4-1.1", "flatpak-zsh-completion": "1.12.4-1.1", "libflatpak0": "1.12.4-1.1", "flatpak": "1.12.4-1.1", "system-user-flatpak": "1.12.4-1.1" } ] }