-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Pull requests: github/codeql
Author
Label
Projects
Milestones
Reviews
Assignee
Sort
Pull requests list
Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 in /go/ql/test/query-tests/Security/CWE-347
dependencies
Pull requests that update a dependency file
documentation
Go
#21644
opened Apr 3, 2026 by
dependabot
bot
Loading…
Bump golang.org/x/crypto from 0.7.0 to 0.45.0 in /go/ql/test/library-tests/semmle/go/frameworks/Fasthttp
dependencies
Pull requests that update a dependency file
documentation
Go
#21643
opened Apr 3, 2026 by
dependabot
bot
Loading…
Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium]
Actions
Analysis of GitHub Actions
documentation
#21640
opened Apr 2, 2026 by
knewbury01
Loading…
Rust: Add AlertSuppression.ql for inline suppression comments
documentation
Rust
Pull requests that update Rust code
#21638
opened Apr 2, 2026 by
cnuss
Loading…
5 tasks done
Actions: Correctly check reusable workflow permissions in Analysis of GitHub Actions
documentation
actions/missing-workflow-permissions
Actions
#21636
opened Apr 2, 2026 by
jketema
Loading…
Dataflow: Expose stage 1's This PR does not need a change note
fwdFlow
DataFlow Library
no-change-note-required
#21631
opened Apr 2, 2026 by
MathiasVP
Loading…
Bump gazelle from 0.47.0 to 0.48.0
bazel
Pull requests that update bazel code
dependencies
Pull requests that update a dependency file
#21630
opened Apr 2, 2026 by
dependabot
bot
Loading…
C#: Deprecate get[L|R]Value predicates.
C#
documentation
#21627
opened Apr 1, 2026 by
michaelnebel
Loading…
Actions: Add four experimental queries
Actions
Analysis of GitHub Actions
documentation
#21624
opened Mar 31, 2026 by
JamieMagee
Loading…
Add supply chain queries for npm publish token usage and missing provenance
Actions
Analysis of GitHub Actions
documentation
#21621
opened Mar 31, 2026 by
david-wiggs
Loading…
C#: Taint members of types in ASP.NET user context.
C#
documentation
#21612
opened Mar 30, 2026 by
michaelnebel
Loading…
Narrow ZipSlip sinks to file write operations, excluding read-only paths
documentation
Java
#21609
opened Mar 28, 2026 by
MarkLee131
Loading…
Actions: Removed a false positive injection sink model for theAnalysis of GitHub Actions
documentation
veracode/veracode-sca action.
Actions
#21604
opened Mar 27, 2026 by
XinyuZhangXvX
Loading…
Actions: Add taint summary for suisei-cn/actions-download-file url input
Actions
Analysis of GitHub Actions
documentation
#21600
opened Mar 27, 2026 by
XinyuZhangXvX
Loading…
Python: Port ShouldUseWithStatement.ql
no-change-note-required
This PR does not need a change note
Python
#21598
opened Mar 27, 2026 by
tausbn
Loading…
Previous Next
ProTip!
Updated in the last three days: updated:>2026-03-31.