Gitlab reports: An attacker can run pipeline jobs as an arbitrary user Developer user with admin_compliance_framework permission can change group URL Admin push rules custom role allows creation of project level deploy token Package registry vulnerable to manifest confusion User with admin_group_member permission can ban group members Subdomain takeover in GitLab Pages