CVEs affecting projects tracked on Release Alert, from NVD & OSV.
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.