First, before you panic, please read the advisories.
They do not mean that your router has been compromised, or even is about to be compromised.
Second, do not "bulk update" all your packages!
Bulk updating can create more problems than it resolves. Flashing a new, complete image is often the safest course of action.
Third, these obscure security issues were resolved quickly
TL;DR
Upgrade if not on 18.06.5 or 19.07-RC1 to a current version/snapshot
[OpenWrt-Devel] Security Advisory 2019-11-05-1 - LuCI stored XSS
To workaround the problem, avoid joining networks with HTML code in the
SSID.
[OpenWrt-Devel] Security Advisory 2019-11-05-2 - LuCI CSRF vulnerability (CVE-2019-17367)
To workaround the problem, avoid visiting malicious sites while being
logged into LuCI. Changing the default router IP and hostname can also
help to mitigate the issue somewhat as CSRF exploits require predictable
URL targets to work.
In order to exploit this vulnerability, a malicious actor needs to
perform a man-in-the-middle attack, presenting a requesting ustream-ssl
client with any invalid certificate. The ustream-ssl client will
eventually tear down the SSL connection due to that, but only after
flushing pending data, e.g. the HTTP request payload in case of an
HTTPS client application.
(Upgrade if not on 18.06.5 or 19.07 to a current version/snapshot)