398 matches found
GitHub Security Lab: [Java] CWE-295: Disabled certificate validation in JXBrowser
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-522: Insecure LDAP authentication
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: ihsinme: CPP Add query for CWE-401 memory leak on unsuccessful call to realloc function
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: ihsinme: CPP Add query for CWE-14 compiler removal of code to clear buffers.
This bug was reported directly to GitHub Security Lab...
GHSA-JXWX-85VP-GVWM Regular Expression Denial of Service in jquery-validation
The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation. The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This issue was discovered and reported by GitHub team member @erik-krogh (Erik...
GitHub Security Lab: [Java] CWE-555: Query to detect password in Java EE configuration files
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: QL Query Detector for JHipster Generated CVE-2019-16303
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: 3,880 Pull Requests Generated to fix JHipster RNG Vulnerability CVE-2019-16303
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CPP: CWE-191 into experimental this reveals a dangerous comparison
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-755: Query to detect Local Android DoS caused by NFE
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: Add SSRF query for Java
This bug was reported directly to GitHub Security Lab...
Command Injection
Overview: corenlp-js-interface is a deprecated package. Affected versions of this package are vulnerable to Command Injection via the main function. PoC: var a = require("corenlp-js-interface"); a("' touch JHU '", "", "", ""); Remediation: There is no fixed version for corenlp-js-interface. Credit: JHU...
GitHub Security Lab: [javascript] CWE-614: CodeQL query to detect if cookies are sent without the flag secure being set
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-600 Uncaught servlet exception
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: codeql-go: Expand Go standard library taint-tracking models to 63 packages, 554 models and 733 tests (from ~13 packages, ~103 models, ~50 tests)
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [javascript] CWE-90: CodeQL to detect LDAP Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java : add fastjson detection. Improve RemoteFlowSource class, support SpringMvc
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: Detect remote source from Android intent extra
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-927: Sensitive broadcast
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks
This bug was reported directly to GitHub Security Lab...