CVE	Version Affected	Brief Description
CVE-2022-38183	1.16.8	Incorrect Access Control
CVE-2022-30781	1.16.6	Failed to validate migration url for external Github API
CVE-2022-27313	1.16.3	DOS
CVE-2022-1928	1.16.8	XSS Authentication for certain authenticated users
CVE-2022-1058	1.16.4	Open Redirect
CVE-2022-0905	1.16.3	Improper Authorization in PAM for custom built binaries
CVE-2021-45331	1.5.0	2FA Token Reuse
CVE-2021-45330	1.15.7	Session Reuse
CVE-2021-45329	1.5.1	XSS Authentication for certain authenticated users
CVE-2021-45328	1.4.3	Open Redirect
CVE-2021-45327	1.11.2	CSRF in certain curcuimstances
CVE-2021-45326	1.5.1	CSRF in certain curcuimstances
CVE-2021-45325	1.7.0	SSRF in OpenID
CVE-2021-3382	1.13.1	DOS via stackoverflow
CVE-2021-29134	1.13.6	Information Disclosure
CVE-2021-28378	1.13.3	XSS Authentication for certain authenticated users
CVE-2020-28991	1.11.5	Vulnerable upstream Library
CVE-2020-13246	1.11.5	DOS via deadlock
CVE-2019-11576	1.7.5	2FA Bypass in certain curcuimstances
CVE-2019-11229	1.7.5	Vulnerable upstream Library
CVE-2019-11228	1.7.5	Failed to validate migration url
CVE-2019-1010314	1.7.3	XSS Authentication for certain authenticated users
CVE-2019-1010261	1.7.0	XSS Authentication for certain authenticated users
CVE-2019-1000002	1.6.2	Incorrect Access Control
CVE-2018-18926	1.5.3	Vulnerable upstream Library
CVE-2018-15192	1.5.0-rc2	SSRF in Webhooks
CVE-2018-1000803	1.5.0	Exposure of CWE-200 to users with access to specific repositories