FreeBSD VuXML ID: 3B14B2B4-9014-11EE-98B3-001B217B3468
History: Nov 30, 2023 - 12:00 a.m.

Gitlab -- Vulnerabilities

2023-11-30 00:00:00
vuxml.freebsd.org
Tags: xss, redos, admin permission, public release, repository manipulation, policy abuse, dos, composer package, unauthorized access, guest user privilege

CVSS3: 8.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score: 6.6
Confidence: Low
EPSS: 0.001
Percentile: 47.1%

Gitlab reports:

XSS and ReDoS in Markdown via Banzai pipeline of Jira
Members with admin_group_member custom permission can add members with higher role
Release Description visible in public projects despite release set as project members only through atom response
Manipulate the repository content in the UI (CVE-2023-3401 bypass)
External user can abuse policy bot to gain access to internal projects
Client-side DoS via Mermaid Flowchart
Developers can update pipeline schedules to use protected branches even if they don’t have permission to merge
Users can install Composer packages from public projects even when Package registry is turned off
Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches
Guest users can react (emojis) on confidential work items which they can't see in a project

Affected packages:

OS       Version  Architecture  Package     Version    Filename
FreeBSD  any      noarch        gitlab-ce   = 16.6.0   UNKNOWN
FreeBSD  any      noarch        gitlab-ce   < 16.6.1   UNKNOWN
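The quickest way to tell whether a host is exposed is to compare the installed gitlab-ce version against the rows above. The script below is an added example, not part of the VuXML entry or of GitLab's or FreeBSD's tooling: it hard-codes the two rows exactly as this page shows them, implements the operator comparison for plain dotted numeric versions, and reports which rows an installed version matches. The sample versions at the bottom are constructed; on a real FreeBSD host the installed version would come from `pkg query '%v' gitlab-ce`, and `pkg audit -F` performs this check against the live VuXML data with pkg's own full version semantics (PORTREVISION `_N` and PORTEPOCH `,N` suffixes), which this helper deliberately rejects rather than guesses at.

```python
"""Match an installed gitlab-ce version against the affected rows of this advisory.

Added example: the AFFECTED table below is transcribed from this page, not
fetched from vuxml.freebsd.org, and the version parser handles only plain
dotted numeric versions (an assumption; real pkg versions may carry _N or ,N
suffixes that change ordering and are rejected here on purpose).
"""
import re

# (package, operator, version) as shown in the table on this page.
AFFECTED = [
    ("gitlab-ce", "=", "16.6.0"),
    ("gitlab-ce", "<", "16.6.1"),
]

_PLAIN_VERSION = re.compile(r"^\d+(\.\d+)*$")


def parse_version(v):
    """Turn '16.6.1' into (16, 6, 1). Raises on anything that is not purely
    dotted-numeric so that a pkg revision/epoch suffix cannot be silently misread."""
    if not _PLAIN_VERSION.match(v):
        raise ValueError(f"unsupported version syntax: {v!r}")
    return tuple(int(p) for p in v.split("."))


def compare(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b. Missing trailing
    components count as zero, so '16.6' equals '16.6.0'."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    pa += (0,) * (n - len(pa))
    pb += (0,) * (n - len(pb))
    return (pa > pb) - (pa < pb)


# Operators VuXML ranges are commonly rendered with; only '=' and '<' appear on this page.
OPS = {
    "<": lambda c: c < 0,
    "<=": lambda c: c <= 0,
    "=": lambda c: c == 0,
    ">": lambda c: c > 0,
    ">=": lambda c: c >= 0,
}


def matches(installed, op, version):
    """True if `installed` satisfies `<op> <version>`."""
    return OPS[op](compare(installed, version))


def affected_rows(pkg, installed, table=AFFECTED):
    """Return every row of `table` for `pkg` that the installed version matches."""
    return [(p, op, v) for p, op, v in table if p == pkg and matches(installed, op, v)]


def is_affected(pkg, installed, table=AFFECTED):
    """True if at least one advisory row matches the installed version."""
    return bool(affected_rows(pkg, installed, table))


if __name__ == "__main__":
    # Constructed sample input; on a host this is the output of `pkg query '%v' gitlab-ce`.
    for sample in ("16.5.2", "16.6.0", "16.6.1"):
        rows = affected_rows("gitlab-ce", sample)
        state = "affected by " + ", ".join(f"{op} {v}" for _, op, v in rows) if rows else "not matched"
        print(f"gitlab-ce {sample}: {state}")
```

Note that the `< 16.6.1` row as rendered here matches every release before 16.6.1, not just the 16.6.x series; the VuXML entry itself carries the exact lower and upper bounds per branch, so treat a match from this script as "go read the entry and patch", not as a precise affected-range verdict.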