Path Traversal in LFS Upload
Path traversal allows saving packages in arbitrary location
Kubernetes agent API leaks private repos
Terraform state deletion API exposes object storage URL
Stored-XSS in error message of build-dependencies
Git credentials persisted on disk
Potential Denial of service via container registry
Info leak when group is transferred from private to public group
Limited File Disclosure Via Multipart Bypass
Unauthorized user is able to access scheduled pipeline variables and values
CSRF in runner administration page allows an attacker to pause/resume runners
Regex backtracking attack in path parsing of Advanced Search result
Bypass of required CODEOWNERS approval
SAST CiConfiguration information visible without permissions