These are all security issues fixed in the expat-2.6.3-1.1 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "libexpat-devel-32bit": "2.6.3-1.1", "expat": "2.6.3-1.1", "libexpat-devel": "2.6.3-1.1", "libexpat1": "2.6.3-1.1", "libexpat1-32bit": "2.6.3-1.1" } ] }