Apple has released Security Update 2020-005 for macOS 10.14 Mojave and 10.13 High Sierra, patching a couple of security vulnerabilities in the older operating systems. The updates for both Mojave and High Sierra address a sandbox logic issue that could allow a malicious application to access restricted files and an ImageIO issue that could lead to arbitrary code execution when processing a maliciously crafted image. The update for High Sierra also resolves an issue with Mail that could allow a remote attacker to alter application state.
We recommend avoiding Security Update 2020-005 for Mojave for now. Numerous problems are being reported, including issues with creating new users. The High Sierra update does not seem to be causing problems and even addresses a problem with PPPoE connections. (Free. For 10.14 Mojave, 1.69 GB; for 10.13 High Sierra, 2.12 GB; security content release notes)