These are all security issues fixed in the libnghttp2-14-1.55.1-1.1 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "libnghttp2-devel": "1.55.1-1.1", "nghttp2": "1.55.1-1.1", "libnghttp2-14": "1.55.1-1.1", "libnghttp2-14-32bit": "1.55.1-1.1" } ] }