Skip to content

Pull requests: github/codeql

New pull request New
Clear current search query, filters, and sorts
329 Open 12,840 Closed
329 Open 12,840 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

CPP: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch C++ documentation
#9086 opened May 9, 2022 by ihsinme Loading…
@MathiasVP
37
Java: CWE-378: Temp Directory Hijacking Race Condition Vulnerability documentation Java
#4473 opened Oct 14, 2020 by JLLeitschuh Loading…
@smowton
84
JS: Add Permissive CORS query (CWE-942) documentation external-contribution JS
#14342 opened Sep 29, 2023 by maikypedia Loading…
@erik-krogh
80
Go: add memoryAllocationDos query documentation Go
#12663 opened Mar 25, 2023 by blue-bird1 Loading…
31
JS: Support a taint tracking for arguments of .apply() function call JS
#6559 opened Aug 26, 2021 by yuske Draft
@erik-krogh
15
Java: Add JDK sinks C# Java
#11389 opened Nov 23, 2022 by tamasvajk Loading…
33
Java: QL Query to Detect Security Sensitive non-CSPRNG usage Java
#2694 opened Jan 24, 2020 by JLLeitschuh Loading…
24
[CPP-435] Calls to memset and ZeroMemory may be deleted by the compiler C++
#1933 opened Sep 13, 2019 by zlaski-semmle Draft
41
JS: Dynamic import as code injection sink documentation external-contribution JS
#14293 opened Sep 22, 2023 by am0o0 Loading…
14
JS: decoding JWT without signature verification documentation JS
#14088 opened Aug 29, 2023 by am0o0 Loading…
45
Python: New command execution sinks documentation external-contribution no-change-note-required This PR does not need a change note Python
#15715 opened Feb 25, 2024 by am0o0 Loading…
33
Add auto-remediation to InsecureDependencyResolution.qhelp documentation Java
#8790 opened Apr 20, 2022 by JLLeitschuh Loading…
1
9
Javascript: Regex Global Flag in Test Function documentation external-contribution JS
#15163 opened Dec 19, 2023 by aydinnyunus Draft
8
C++: Decompression Bombs C++ documentation external-contribution
#13560 opened Jun 25, 2023 by am0o0 Loading…
13
C#: Adds check for Server Side Template Injection vulnerabilities in RazorEngine C#
#4313 opened Sep 22, 2020 by cldrn Loading…
@hvitved
16
Java: add query to detect web.xml auth bypass through verb tampering Java
#3944 opened Jul 12, 2020 by porcupineyhairs Draft
@smowton
29
C++: Use TaintTracking::Configuration in TaintedAllocationSize C++ depends on internal PR This PR should only be merged in sync with an internal Semmle PR
#3519 opened May 19, 2020 by rdmarsh2 Loading…
12
C++: replace ReturnValue nodes in flow paths C++
#7796 opened Jan 31, 2022 by rdmarsh2 Draft
6
Java: IPA the CFG. Java
#711 opened Dec 20, 2018 by aschackmull Loading…
9
JS/TS: insecure Helmet middleware (new query) documentation JS
#16540 opened May 21, 2024 by aegilops Loading…
7
Java: Add JDK17 df-generated summary models Java
#13962 opened Aug 14, 2023 by jcogs33 Draft
5
C#: Decompression Bombs C# documentation external-contribution
#13558 opened Jun 24, 2023 by am0o0 Draft
5
Java: Decompression Bombs documentation external-contribution Java
#13555 opened Jun 24, 2023 by am0o0 Loading…
22
Java: Adapt unsafe deserialization to SnakeYaml 2.0, which is secure by default documentation Java
#13347 opened Jun 1, 2023 by jorgectf Loading…
8
C++: Fix global flow without an SSA definition C++ no-change-note-required This PR does not need a change note
#12740 opened Apr 2, 2023 by MathiasVP Draft
5
ProTip! Exclude everything labeled bug with -label:bug.