close
The Wayback Machine - https://web.archive.org/web/20210304164333/https://github.com/github/securitylab/issues
Skip to content

/ securitylab

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

27 Open 101 Closed
27 Open 101 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels.
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀
[Java] CWE-1004: Query to check sensitive cookies without the HttpOnly flag set All For One
#292 opened Mar 1, 2021 by luchua-bc 1 of 1
Java: Query for detecting unsafe deserialization with Spring exporters All For One
#289 opened Feb 27, 2021 by artem-smotrakov 1 of 1
5
[Java/Maven]: Detect use of deprecated JCenter/Bintray Repository All For One
#287 opened Feb 25, 2021 by JLLeitschuh 1 of 1
2
Java: JSONP Injection All For One
#277 opened Feb 18, 2021 by haby0 1 of 1
6
[Java] CWE-297: Insecure LDAP endpoint configuration All For One
#272 opened Feb 15, 2021 by luchua-bc 1 of 1
1
Java : Add query for detecting Log Injection vulenrabilities All For One
#265 opened Feb 4, 2021 by porcupineyhairs
Java : Add a query to detect Spring View Manipulation Vulnerability (Implicit) All For One
#263 opened Feb 1, 2021 by porcupineyhairs
4
ihsinme: CPP Add query for CWE-570 detect and handle memory allocation errors. All For One
#258 opened Jan 29, 2021 by ihsinme 1 of 1
1
ihsinme: CPP add query for CWE-788 Access of memory location after the end of a buffer using strlen. All For One
#252 opened Jan 28, 2021 by ihsinme 1 of 1
14
Java: Query for detecting JEXL injections All For One
#249 opened Jan 25, 2021 by artem-smotrakov
13
Java: CWE-346 Queries to detect remote source flow to CORS Headers All For One
#248 opened Jan 24, 2021 by torque59
5
Java: Fix NashornScriptEngine detection in ScriptEngine query All For One
#247 opened Jan 24, 2021 by p0wn4j 0 of 1
Java: CWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') All For One
#241 opened Jan 21, 2021 by haby0
18
[C#] CWE-759: Query to detect password hash without a salt All For One
#233 opened Jan 13, 2021 by luchua-bc 1 of 1
8
porcupiney.hairs : Java/Android - Insecure Loading of a Dex File All For One
#232 opened Jan 12, 2021 by porcupineyhairs
4
[Java] CWE-759: Query to detect password hash without a salt All For One
#227 opened Jan 6, 2021 by luchua-bc 1 of 1
2
[Java] CWE-598: Use of GET Request Method with Sensitive Query Strings All For One
#223 opened Dec 26, 2020 by luchua-bc 1 of 1
6
[Java]: CWE 295 - Insecure TrustManager - MiTM All For One
#222 opened Dec 24, 2020 by intrigus-lgtm 1 of 1
12
[Java] CWE-327: Add more broken crypto algorithms All For One
#216 opened Dec 16, 2020 by luchua-bc 1 of 1
2
[Java] CWE-312: Query to detect cleartext storage of sensitive information using Android SharedPreferences All For One
#205 opened Nov 16, 2020 by luchua-bc 1 of 1
1
Java : Add query to detect Apache Struts enabled Development mode All For One
#202 opened Nov 9, 2020 by porcupineyhairs
7
Server Side Template Injection lead to RCE ASP.NET RazorEngine All For One
#182 opened Sep 22, 2020 by cldrn 0 of 1
1
[Java] CWE-117: CodeQL query to detect Log Injection
#144 opened Jul 2, 2020 by dellalibera 1 of 1
6
[JAVA] CWE-706: Use of Incorrectly-Resolved Name or Reference & CWE-201: Exposure of Sensitive Information Through Sent Data
#136 opened Jun 24, 2020 by intrigus-lgtm 1 of 1
2
Java : Add query to detect Server Side Template Injection
#94 opened May 21, 2020 by porcupineyhairs
4
ProTip! Mix and match filters to narrow down what you’re looking for.