Pull requests: github/codeql
Java: treat hash/encrypt/digest methods as sensitive-log sanitizers
documentation
Java
#21654
by MarkLee131
Contributor
was merged Apr 30, 2026
updated Apr 30, 2026
Narrow ZipSlip sinks to file write operations, excluding read-only paths
documentation
Java
#21609
by MarkLee131
Contributor
was closed Apr 30, 2026
updated Apr 30, 2026
C#: Include parameters and their defaults in the CFG
C#
Java
no-change-note-required
This PR does not need a change note
#21759
by hvitved
Contributor
was merged Apr 30, 2026
updated Apr 30, 2026
Java: add RegexpCheckBarrier to trust-boundary-violation sanitizers
documentation
Java
#21656
by MarkLee131
Contributor
was merged Apr 29, 2026
updated Apr 29, 2026
Move generated MaDs into modelgenerator/
C#
C++
Java
no-change-note-required
Rust
Pull requests that update Rust code
#21751
by jacknojo
Contributor
was merged Apr 29, 2026
updated Apr 29, 2026
Revert "Release preparation for version 2.25.3"
Actions
Analysis of GitHub Actions
C#
C++
DataFlow Library
documentation
Go
Java
JS
Python
Ruby
Rust
Swift
#21758
by mbg
Member
was merged Apr 27, 2026
updated Apr 27, 2026
C#: Move handling of callables into shared control flow library
C#
Java
no-change-note-required
#21743
by hvitved
Contributor
was merged Apr 23, 2026
updated Apr 23, 2026
Java: recognize Path.toRealPath() as path normalization sanitizer
documentation
Java
#21652
by MarkLee131
Contributor
was merged Apr 23, 2026
updated Apr 23, 2026
C#: Replace CFG with the shared implementation
C#
documentation
Java
#21565
by aschackmull
Contributor
was merged Apr 21, 2026
updated Apr 21, 2026
Document models-as-data barriers and barrier guards and add change notes
C#
C++
documentation
Go
Java
JS
Python
ready-for-doc-review
This PR requires and is ready for review from the GitHub docs team.
Ruby
Rust
#21523
by owen-mc
Contributor
was merged Apr 21, 2026
updated Apr 21, 2026
Java: reduce false positives in sensitive-log
documentation
Java
#21650
by MarkLee131
Contributor
was merged Apr 21, 2026
updated Apr 21, 2026
Fix GitHub History + Upgrade to 2.22.2
Actions
C#
C++
documentation
Go
Java
JS
Kotlin
#20195
by dilanbhalla
Contributor
was closed Aug 8, 2025
updated Apr 20, 2026
Java: fix bug in partial path traversal
documentation
Java
#21734
by owen-mc
Contributor
was merged Apr 20, 2026
updated Apr 20, 2026
Java: Add XXE sink model for Woodstox WstxInputFactory
documentation
Java
#21718
by chmodxxx
Contributor
was merged Apr 17, 2026
updated Apr 17, 2026
Merge rc/3.20 into main
Actions
C#
C++
DataFlow Library
documentation
Go
Java
JS
Python
Ruby
Rust
Swift
#21156
by igfoo
Contributor
was merged Jan 13, 2026
updated Apr 14, 2026
Shared: update code comments explaining models-as-data format to include barriers and barrier guards
C#
C++
DataFlow Library
Go
Java
JS
no-change-note-required
Python
Ruby
Rust
Swift
#21584
by owen-mc
Contributor
was merged Apr 14, 2026
updated Apr 14, 2026
Bump org.apache.logging.log4j:log4j-core from 2.14.1 to 2.25.3 in /java/ql/test/utils/flowtestcasegenerator in the maven group across 1 directory
dependencies
Pull requests that update a dependency file
Java
#21073
by dependabot
Bot
was closed Apr 10, 2026
updated Apr 10, 2026
Java: Accept new test results after JDK 26 extractor upgrade
depends on internal PR
This PR should only be merged in sync with an internal Semmle PR
Java
Kotlin
no-change-note-required
#21494
by IdrissRio
Contributor
was merged Apr 7, 2026
updated Apr 7, 2026
Add more response splitting sinks
documentation
Java
#5937
by zbazztian
Contributor
was closed Apr 4, 2026
updated Apr 4, 2026
Kotlin: update to 2.3.20
depends on internal PR
documentation
Java
Kotlin
#21583
by redsun82
Contributor
was merged Apr 2, 2026
updated Apr 2, 2026
C#: Replace CFG with the shared implementation.
C#
Java
#21513
by aschackmull
Contributor
was closed Mar 30, 2026
Draft
updated Mar 30, 2026
Exclude bounds-check arithmetic from tainted-arithmetic sinks
documentation
Java
#21608
by MarkLee131
Contributor
was merged Mar 29, 2026
updated Mar 29, 2026
Add EC to secure algorithm whitelist for Java CWE-327 query
documentation
Java
#21594
by MarkLee131
Contributor
was merged Mar 28, 2026
updated Mar 28, 2026
Kotlin: Support Kotlin 2.3.0
documentation
Java
Kotlin
#20965
by andersfugmann
Contributor
was merged Jan 30, 2026
updated Mar 25, 2026
Resolving merge conflicts from origin/main
C#
C++
documentation
Go
Java
JS
Kotlin
#21525
by chanel-y
Contributor
was closed Mar 20, 2026
updated Mar 20, 2026