A vulnerability exists in GitLab versions before 13.1. Under certain conditions the private activity of a user could be exposed via the API.
gitlab gitlab