Just look on the list of security issues which WordPress 3.5.1. release addresses:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions.
- Two instances of cross-site scripting via shortcodes and post content.
- A cross-site scripting vulnerability in the external library Plupload.
Are you still waiting? Go-go-go! Go to your WordPress update center, and press update button. Do not forget to make files and database backup before update, of course.
Detailed information is available at WordPress News page.