These are all security issues fixed in the cJSON-devel-1.7.18-1.1 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "cJSON-devel": "1.7.18-1.1", "libcjson1": "1.7.18-1.1" } ] }