tl;dr: several vulnerabilities, including a remote code execution which affects all GitLab versions since 8.9.0. Patches are available for 10.3, 10.2 and 10.1. There's also an alternative workaround which consists of disabling the "GitLab export" importer from the admin settings. Vulnerability details will be published on their blog approximately 30 days from now.
It's really bad when you need a tl:dr on a security vulnerabilities release, it was a lot more bugs than I expected, I wonder if GitHub enterprises is just as bad?