-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Pull requests: github/codeql
Author
Label
Projects
Milestones
Reviews
Assignee
Sort
Pull requests list
CPP: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch
C++
documentation
#9086
opened May 9, 2022 by
ihsinme
Loading…
Java: CWE-378: Temp Directory Hijacking Race Condition Vulnerability
documentation
Java
#4473
opened Oct 14, 2020 by
JLLeitschuh
Loading…
JS: Add Permissive CORS query (CWE-942)
documentation
external-contribution
JS
#14342
opened Sep 29, 2023 by
maikypedia
Loading…
Go: add memoryAllocationDos query
documentation
Go
#12663
opened Mar 25, 2023 by
blue-bird1
Loading…
Java: QL Query to Detect Security Sensitive non-CSPRNG usage
Java
#2694
opened Jan 24, 2020 by
JLLeitschuh
Loading…
[CPP-435] Calls to
memset
and ZeroMemory
may be deleted by the compiler
C++
#1933
opened Sep 13, 2019 by
zlaski-semmle
•
Draft
JS: Dynamic import as code injection sink
documentation
external-contribution
JS
#14293
opened Sep 22, 2023 by
am0o0
Loading…
JS: decoding JWT without signature verification
documentation
JS
#14088
opened Aug 29, 2023 by
am0o0
Loading…
Python: New command execution sinks
documentation
external-contribution
no-change-note-required
This PR does not need a change note
Python
#15715
opened Feb 25, 2024 by
am0o0
Loading…
Add auto-remediation to InsecureDependencyResolution.qhelp
documentation
Java
#8790
opened Apr 20, 2022 by
JLLeitschuh
Loading…
Javascript: Regex Global Flag in Test Function
documentation
external-contribution
JS
#15163
opened Dec 19, 2023 by
aydinnyunus
•
Draft
C++: Decompression Bombs
C++
documentation
external-contribution
#13560
opened Jun 25, 2023 by
am0o0
Loading…
C#: Adds check for Server Side Template Injection vulnerabilities in RazorEngine
C#
#4313
opened Sep 22, 2020 by
cldrn
Loading…
Java: add query to detect web.xml auth bypass through verb tampering
Java
#3944
opened Jul 12, 2020 by
porcupineyhairs
•
Draft
C++: Use TaintTracking::Configuration in TaintedAllocationSize
C++
depends on internal PR
This PR should only be merged in sync with an internal Semmle PR
#3519
opened May 19, 2020 by
rdmarsh2
Loading…
JS/TS: insecure Helmet middleware (new query)
documentation
JS
#16540
opened May 21, 2024 by
aegilops
Loading…
Java: Decompression Bombs
documentation
external-contribution
Java
#13555
opened Jun 24, 2023 by
am0o0
Loading…
Java: Adapt unsafe deserialization to SnakeYaml 2.0, which is secure by default
documentation
Java
#13347
opened Jun 1, 2023 by
jorgectf
Loading…
C++: Fix global flow without an SSA definition
C++
no-change-note-required
This PR does not need a change note
Previous Next
ProTip!
Exclude everything labeled
bug
with -label:bug.