CVEs affecting projects tracked on Release Alert, from NVD & OSV.
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.