Index: security/vuxml/vuln.xml
===================================================================
--- security/vuxml/vuln.xml
+++ security/vuxml/vuln.xml
@@ -58,6 +58,37 @@
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="dc0c201c-31da-11e8-ac53-d8cb8abf62dd">
+    <topic>Gitlab -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>gitlab</name>
+	<range><ge>8.3</ge><lt>10.5.6</lt></range>
+	<range><ge>8.3</ge><lt>10.4.6</lt></range>
+	<range><ge>8.3</ge><lt>10.3.9</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>GitLab reports:</p>
+	<blockquote cite="https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/">
+	  <h1>SSRF in services and web hooks</h1>
+	  <p>There were multiple server-side request forgery issues in the Services feature. An attacker could make requests to servers within the same network of the GitLab instance. This could lead to information disclosure, authentication bypass, or potentially code execution. This issue has been assigned <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8801">CVE-2018-8801</a>.</p>
+	  <h1>Gitlab Auth0 integration issue</h1>
+	  <p>There was an issue with the GitLab <code>omniauth-auth0</code> configuration which resulted in the Auth0 integration signing in the wrong users.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-8801</cvename>
+      <url>https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/</url>
+    </references>
+    <dates>
+      <discovery>2018-03-20</discovery>
+      <entry>2018-03-27</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="23f59689-0152-42d3-9ade-1658d6380567">
     <topic>mozilla -- use-after-free in compositor</topic>
     <affects>