Gitlab #1122408 CSRF on /api/graphql allows executing mutations through GET requests
HackerOne #1264725 Information disclosure - Feedback is accessible on Public profile even after 'disallowed' at https://hackerone.com/settings/feedback
Informatica #1011888 Improper Sanitization leads to XSS Fire on admin panel
