Skip to content

Issues: find-sec-bugs/find-sec-bugs

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

104 Open 327 Closed
104 Open 327 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Add support for JSR305 @Detainted / @Tainted / @Untainted in the taint analysis
#735 opened May 3, 2024 by gehel
Update website with new version
#733 opened Apr 29, 2024 by ClaudioConsolmagno
keySECXXEVAL
#732 opened Mar 25, 2024 by hazendaz
2
Getting "Hard coded password found here" exception where (IMHO) it shouldn't
#731 opened Mar 5, 2024 by sliric
Missing artifact in release assets
#730 opened Mar 5, 2024 by haerter-tss
1
Invalid class name exception for methods with generics bug
#724 opened Feb 13, 2024 by pavelorehov
2
Wrapper SQL sink method triggers SQL injection detection false-positive Something that should not report.
#722 opened Jan 23, 2024 by jim-bentler
4
Mark java.sql.Statement enquoteIdentifer, enquoteLiteral, and enquoteNCharLiteral SQL_INJECTION_SAFE false-positive Something that should not report. good first issue
#721 opened Jan 23, 2024 by jim-bentler
Replace jwgmeligmeyling/spotbugs-github-action internal Related to FSB internal testing, build or other tooling.
#720 opened Jan 10, 2024 by h3xstream
Inconsistency in HTTP_RESPONSE_SPLITTING Rule: Discrepancy in Violation Reporting with Nested Class false-negative Something that we have miss.
#719 opened Dec 22, 2023 by soyodream
Inconsistency in SQL_INJECTION_JPA Rule: Discrepancy in Violation Reporting with Nested Class false-negative Something that we have miss.
#718 opened Dec 18, 2023 by soyodream
Feasiblity of transferring this to spotbugs organization question Questions on how to use FSB or about its capabilities.
#717 opened Dec 16, 2023 by hazendaz
2
Inconsistency in COMMAND_INJECTION Rule: Discrepancy in Violation Reporting with Nested Class false-negative Something that we have miss.
#716 opened Dec 14, 2023 by soyodream
java.lang.AssertionError: Out of bounds mutables in static org.apache.druid.indexing.common.task.OverlordCoordinatingSegmentAllocator.lambda
#715 opened Sep 7, 2023 by azure247a
False Negative: String concatenation with char should not consider char to be SAFE
#711 opened Aug 17, 2023 by jbindel
1
Mark sources of Possible JDBC injection as safe enhancement New feature or improvement to existing detector. good first issue
#709 opened Jun 27, 2023 by apetrelli
12
IMPROPER_UNICODE rule does not find equalsIgnoreCase usage when used as method reference
#708 opened Jun 26, 2023 by Vampire
SpringEntityLeakDetector crashes with Map bug
#706 opened Jun 20, 2023 by nchandrashekar79
1
SpringEntityLeakDetector crashes with Map bug
#705 opened Jun 20, 2023 by nchandrashekar79
1
The current code doesn't support Jakarta namespace (ENTITY_LEAK and other checks don't work)
#704 opened Jun 15, 2023 by mrairjan
java.lang.IllegalStateException
#703 opened May 24, 2023 by whistlexie
@h3xstream
2
ReDOS checker not agreeing with https://devina.io/redos-checker
#702 opened May 19, 2023 by ajohnson1
The following classes needed for analysis were missing
#701 opened Apr 14, 2023 by delanym
1
Why scan results having multiple source-line tags for a bug instance?
#698 opened Mar 13, 2023 by Lingom-KSR
FindSecBugs-cli crashes when trying to write SARIF output
#697 opened Mar 9, 2023 by northdpole
1
ProTip! Exclude everything labeled bug with -label:bug.