issues Search Results · repo:github/codeql language:CodeQL is:public is:public
2.8k results (125 ms)
py/sql-injection already appears to model the sink side correctly through the existing DB-API / PEP249.qll coverage for
execute(...). The gap seems to be on the source side for a common second-order pattern: ...
This looks like a gap in java/xxe around library-style XML helpers. If a public helper takes caller-provided XML as an
InputStream, String, Reader, or URL, builds a DocumentBuilderFactory without XXE hardening, ...
Hi CodeQL team,
I think js/path-injection is missing a fairly common Node/Sails pattern: request-derived values that have already been
normalized by the framework into an inputs object before they reach ...
I ran into a false negative in the Java URL redirection queries for a common Spring MVC pattern.
java/unvalidated-url-redirection does not appear to cover redirects expressed through Spring view names ...
Hi team,
I think I found a false negative in go/email-injection.
I ran into this while looking at ZITADEL's CVE-2025-64101 / GHSA-mwmh-7px9-4c23. The vulnerable flow is:
- host data comes from Forwarded ...
Description of the false negative
py/sql-injection seems to miss a sqlite3/PEP249 pattern where the cursor is created in one method, stored on self, and
then used from another method.
This came up while ...
question
Description of the false negative
py/sql-injection seems to miss a sqlite3/PEP249 pattern where the cursor is created in one method, stored on self, and
then used from another method.
This came up while ...
false-positive
The current CodeQL Java XML query set does not appear to include a dedicated query for insecure TransformerFactory
configuration when secure processing is not enabled and external DTD / stylesheet access ...
question
The current CodeQL Java XML query set does not appear to include a dedicated problem query for cases where
XMLInputFactory is explicitly configured to enable external entities or DTD support.
I checked ...
question
py/ldap-injection reports taint for ldap3.Connection.search(...), but misses equivalent taint flow in:
conn.extend.standard.paged_search(search_base=..., search_filter=...)
from flask import Flask, request ...
