Skip to content

Pull requests: github/codeql

New pull request New
Clear current search query, filters, and sorts
78 Open 548 Closed
78 Open 548 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

ReDoS refactorizations documentation Java JS Python QL-for-QL Ruby
#8522 by erik-krogh Contributor was closed Jun 29, 2022 Draft
151
Data flow: Use parameterized module to share code between pruning stages C# C++ Java Python Ruby
#8301 by hvitved Contributor was closed Aug 8, 2022 Draft
149
Java: CWE-1004 Query to check sensitive cookies without the HttpOnly flag set documentation Java
#5307 by luchua-bc Contributor was merged Apr 13, 2021 Loading…
@smowton
131
[Java] CWE-089 MyBatis Mapper Sql Injection documentation Java no-change-note-required This PR does not need a change note
#6319 by haby0 Contributor was merged Dec 9, 2021 Loading…
118
[Java] CWE-348: Using a client-supplied IP address in a security check documentation Java
#5631 by haby0 Contributor was merged Apr 30, 2021 Loading…
@smowton
108
Java: Unsafe resource loading in Android webview C# C++ documentation Java JS Python
#3706 by luchua-bc Contributor was closed Oct 19, 2020 Loading…
@smowton
104
Java: CWE-502 Unsafe JSON deserialization with Gson, Flexjson, Jabsorb and JoddJson documentation Java
#5954 by luchua-bc Contributor was closed Oct 12, 2021 Loading…
@aschackmull
101
[Java] Add QL for detecting Spring View Manipulation Vulnerabilities. documentation Java no-change-note-required This PR does not need a change note
#4214 by ghost was merged Mar 2, 2021 Loading…
@smowton
90
Java: Experimental version of Java Command Injection query documentation Java
#13484 by aegilops Contributor was merged Aug 4, 2023 Loading…
86
Java: Add query - insecure environment configuration during JMX/RMI server init documentation Java
#5811 by timoles Contributor was merged Jun 25, 2021 Loading…
74
Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') documentation Java no-change-note-required This PR does not need a change note
#5435 by haby0 Contributor was merged Aug 2, 2021 Loading…
@smowton
58
WIP: Add threat models to java Java
#12958 by aeisenberg Contributor was closed Oct 19, 2023 Draft
56
Generalize data-flow library in preparation for C# adoption C++ Java
#1226 by hvitved Contributor was merged May 6, 2019 Loading…
53
RFC - framework data-flow packs C# C++ Java Python
#4443 by hvitved Contributor was closed Oct 16, 2020 Draft
51
Java: Expand org.apache.commons.codec model Java
#6988 by bmuskalla Contributor was closed Feb 24, 2022 Loading…
51
Data flow: Refactoring + performance improvements C# C++ Java
#2903 by hvitved Contributor was merged Mar 23, 2020 Loading…
@aschackmull
50
Quantum: Support for BouncyCastle signature algorithms and block cipher modes documentation Java
#19568 by fegge Contributor was closed Oct 2, 2025 Loading…
47
[Java] CWE-601 Spring url redirection detect documentation Java
#5844 by haby0 Contributor was merged May 18, 2021 Loading…
47
Java: CWE-502 Add UnsafeDeserialization sinks documentation Java
#5881 by haby0 Contributor was merged Jun 17, 2021 Loading…
@aschackmull
46
Data flow: generalize flow-through summaries C# C++ Java
#2631 by hvitved Contributor was merged Feb 17, 2020 Loading…
@aschackmull
44
Java: Untrusted data used in external APIs Java
#3938 by lcartey Contributor was merged Aug 13, 2020 Loading…
44
Java: CWE-625 Query to detect regex dot bypass documentation Java
#9873 by luchua-bc Contributor was merged Aug 31, 2022 Loading…
39
Java: Promote HashWithoutSalt query documentation Java ready-for-doc-review This PR requires and is ready for review from the GitHub docs team.
#8541 by joefarebrother Contributor was closed Oct 25, 2022 Loading…
38
Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925) documentation Java ready-for-doc-review This PR requires and is ready for review from the GitHub docs team.
#8669 by joefarebrother Contributor was merged Jun 29, 2022 Loading…
37
Java/C++/C#: Add support for taint-getter/setter summaries in data flow. C# C++ Java
#2498 by aschackmull Contributor was merged Jan 15, 2020 Loading…
35
ProTip! Filter pull requests by the default branch with base:main.