"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request https://hackerone.com/reports/1375393 Disclosed at: 2022-06-08 14:04:26 UTC+0 Created at: 2021-10-20 07:03:56 UTC+0
Stored XSS on issue comments and other pages which contain notes https://hackerone.com/reports/1398305 Disclosed at: 2022-06-08 14:02:11 UTC+0 Created at: 2021-11-11 14:55:36 UTC+0
Open redirect on https://www\.glassdoor\.com/profile/siwa\.htm via state parameter https://hackerone.com/reports/1097208 Disclosed at: 2022-06-08 11:44:05 UTC+0 Created at: 2021-02-06 14:55:17 UTC+0