398 matches found
GitHub Security Lab: [Java]: CWE-321 - Query to detect hardcoded JWT secret keys
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Python]: Add Server-side Request Forgery sinks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-200 - Query to detect insecure WebResourceResponse implementation
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CPP: Add query for CWE-377 Insecure Temporary File
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Python]: CWE-611: XXE
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: Add JDBC connection SSRF sinks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: Timing attacks while comparing the headers value
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Python: CWE-338 insecureRandomness
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java : Add query to detect Server Side Template Injection (SSTI)
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [C#] CWE-759: Query to detect password hash without a salt
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CPP: Add query for CWE-266 Incorrect Privilege Assignment
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-073 - File path injection with the JFinal framework
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: An experimental query for ignored hostname verification
This bug was reported directly to GitHub Security Lab...
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Summary: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active exploitation of this issue is unlikely, as it would require active header injection; however, the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache...
GHSA-6QQ8-5WQ3-86RP Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Summary: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active exploitation of this issue is unlikely, as it would require active header injection; however, the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache...
GitHub Security Lab: [Python]: Add shutil module sinks for path injection query
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: ihsinme: CPP Add a query to find incorrectly used exceptions.
This bug was reported directly to GitHub Security Lab...