CVEs affecting projects tracked on Release Alert, from NVD & OSV.
GitLab through 12.9 is affected by a potential DoS in repository archive download.