These are all security issues fixed in the xerces-j2-2.12.2-1.1 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "xerces-j2": "2.12.2-1.1", "xerces-j2-demo": "2.12.2-1.1", "xerces-j2-javadoc": "2.12.2-1.1" } ] }