The Wayback Machine - http://web.archive.org/web/20211111111338/https://github.com/github/securitylab/issues
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

21 Open 211 Closed
21 Open 211 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀
CPP: Add query for CWE-377 Insecure Temporary File All For One
#475 opened Nov 10, 2021 by ihsinme
1 task done
CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory All For One
#466 opened Nov 3, 2021 by ihsinme
1 task done
[codeql-go]dependencies skipped while creating a database
#448 opened Oct 11, 2021 by hshenCode
CPP: Add query for CWE-1041 Use of Redundant Code All For One
#443 opened Sep 29, 2021 by ihsinme
1 task done
12
New experimental query: Java BigDecimal DOS All For One
#435 opened Sep 22, 2021 by tonghuaroot
1 task done
3
Additional hardcoded credentials candidates 3rd-party api calls All For One
#432 opened Sep 20, 2021 by bananabr
1 task done
9
[Java] CWE-400: Query to detect uncontrolled thread resource consumption All For One
#431 opened Sep 20, 2021 by luchua-bc
1 task done
3
ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource All For One
#428 opened Sep 5, 2021 by ihsinme
1 task done
5
[Python]: CWE-611: XXE All For One
#424 opened Aug 25, 2021 by jorgectf
1 task done
5
Java: Regex injection The Bug Slayer
#423 opened Aug 18, 2021 by edvraa
5
Java: An experimental query for ignored hostname verification All For One
#419 opened Aug 8, 2021 by artem-smotrakov
1 task done
4
Java : Add query to detect Server Side Template Injection (SSTI) All For One
#410 opened Jul 21, 2021 by porcupineyhairs
4
[porcupiney.hairs]: [Python] Add Flask Path injection sinks All For One
#407 opened Jul 19, 2021 by porcupineyhairs
10
[Java] CWE-089: MyBatis Mapper XML SQL Injection All For One
#406 opened Jul 19, 2021 by haby0
1 task done
23
ihsinme: CPP Add a query to find incorrectly used exceptions. All For One
#403 opened Jul 15, 2021 by ihsinme
1 task done
9
[Python]: CWE-079: HTTP Header injection All For One
#385 opened Jun 18, 2021 by jorgectf
1 task done
3
[codeql-go]: Mass Add Web Framework Models With the Help of Code Generation All For One
#335 opened Apr 7, 2021 by gagliardetto
1 task
9
[Python]: JWT security-related queries All For One
#331 opened Apr 4, 2021 by jorgectf
1 task done
4
[C#] CWE-759: Query to detect password hash without a salt All For One
#233 opened Jan 13, 2021 by luchua-bc
1 task done
20
[Java] CWE-117: CodeQL query to detect Log Injection
#144 opened Jul 2, 2020 by dellalibera
1 task done
6
[JAVA] CWE-706: Use of Incorrectly-Resolved Name or Reference & CWE-201: Exposure of Sensitive Information Through Sent Data
#136 opened Jun 24, 2020 by intrigus-lgtm
1 task done
2
ProTip! Exclude everything labeled bug with -label:bug.