Skip to content

Pull requests: github/codeql

New pull request New
Clear current search query, filters, and sorts
95 Open 4,542 Closed
95 Open 4,542 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries Actions Analysis of GitHub Actions documentation
#21715 opened Apr 15, 2026 by knewbury01 Contributor Loading… updated Apr 30, 2026
@knewbury01
11
Fix/path injection read subkind documentation Java
#21741 opened Apr 21, 2026 by MarkLee131 Contributor Loading… updated Apr 30, 2026
5 tasks done
1
8
docs: Add 'Customizing library models for Rust' documentation documentation ready-for-doc-review This PR requires and is ready for review from the GitHub docs team.
#21727 opened Apr 17, 2026 by coadaflorin Contributor Loading… updated Apr 29, 2026
52
Go: migrate control flow graph to shared CFG library documentation Go
#21614 opened Mar 30, 2026 by Copilot AI Draft updated Apr 24, 2026
@owen-mc
9
Actions: Add experimental prompt injection queries for CWE 1427 Actions Analysis of GitHub Actions documentation
#21675 opened Apr 9, 2026 by data-douser Contributor Draft updated Apr 23, 2026
2
Actions: Add experimental queries for AI output validation CWE 1426 Actions Analysis of GitHub Actions documentation
#21678 opened Apr 9, 2026 by data-douser Contributor Draft updated Apr 23, 2026
1
Extend actions/unpinned-tag to analyze composite action metadata (action.yml / action.yaml) Actions Analysis of GitHub Actions documentation
#21692 opened Apr 10, 2026 by Copilot AI Loading… updated Apr 20, 2026
@oscarsj
6
Just: introduce common "verbs" Actions Analysis of GitHub Actions C# C++ documentation Go Java JS Kotlin Python Ruby Rust Pull requests that update Rust code Swift
#19978 opened Jul 4, 2025 by redsun82 Contributor Loading… updated Apr 15, 2026
5
Add docs comment about deduplicating query rows documentation
#21693 opened Apr 10, 2026 by k4lizen Loading… updated Apr 10, 2026
Add extra source to actions CWE-094/CodeInjectionMedium Actions Analysis of GitHub Actions documentation
#21672 opened Apr 8, 2026 by knewbury01 Contributor Loading… updated Apr 8, 2026
@knewbury01
3
Actions: Add workflow_dispatch and workflow_call input sources for code injection Actions Analysis of GitHub Actions documentation
#21660 opened Apr 6, 2026 by tspascoal Contributor Loading… updated Apr 7, 2026
8
Rust: Add AlertSuppression.ql for inline suppression comments documentation Rust Pull requests that update Rust code
#21638 opened Apr 2, 2026 by cnuss Loading… updated Apr 7, 2026
5 tasks done
1
3
Actions: Add four experimental queries Actions Analysis of GitHub Actions documentation
#21624 opened Mar 31, 2026 by JamieMagee Loading… updated Apr 2, 2026
18
Actions: Add new query actions/code-injection/low for code injection with step outputs Actions Analysis of GitHub Actions documentation
#20974 opened Dec 5, 2025 by owen-mc Contributor Loading… updated Mar 30, 2026
3
Actions: Removed a false positive injection sink model for theveracode/veracode-sca action. Actions Analysis of GitHub Actions documentation
#21604 opened Mar 27, 2026 by XinyuZhangXvX Loading… updated Mar 27, 2026
3
Actions: Add taint summary for suisei-cn/actions-download-file url input Actions Analysis of GitHub Actions documentation
#21600 opened Mar 27, 2026 by XinyuZhangXvX Loading… updated Mar 27, 2026
1
Add XXE query for Rust (rust/xxe, CWE-611) documentation Rust Pull requests that update Rust code
#21352 opened Feb 20, 2026 by Copilot AI Draft updated Mar 27, 2026
@geoffw0
1
Go: use shared SSA library (codeql.ssa.Ssa) documentation Go
#21554 opened Mar 23, 2026 by Copilot AI Draft updated Mar 25, 2026
@owen-mc
4
Qlucie trigger documentation
#21524 opened Mar 20, 2026 by sam-robson Loading… updated Mar 20, 2026
3
Add CodeQL support and tests for Micronaut framework documentation Java
#21387 opened Feb 27, 2026 by nicolaswill Contributor Loading… updated Mar 6, 2026
38
Actions: improve improper access control query Actions Analysis of GitHub Actions documentation
#20904 opened Nov 25, 2025 by redsun82 Contributor Loading… updated Mar 3, 2026
1
5
Actions: Update reference link Actions Analysis of GitHub Actions documentation
#21295 opened Feb 8, 2026 by thatrobotdev Loading… updated Feb 8, 2026
JS: Only exclude JS files in the tsconfig outDir documentation JS
#21121 opened Jan 8, 2026 by asgerf Contributor Draft updated Jan 19, 2026
1
1
Rust: Exclude self parameter accesses from rust/access-after-lifetime-ended documentation Rust Pull requests that update Rust code
#21155 opened Jan 12, 2026 by geoffw0 Contributor Loading… updated Jan 16, 2026
3 tasks done
5
Bump the go_modules group across 2 directories with 3 updates dependencies Pull requests that update a dependency file documentation Go
#20608 opened Oct 9, 2025 by dependabot Bot Loading… updated Nov 25, 2025
2
ProTip! Exclude everything labeled bug with -label:bug.