TOPGITHUBSECURITYLAB.md

File metadata and controls

219 lines (218 loc) · 30.7 KB

Top reports from GitHub Security Lab program at HackerOne:

  1. Java (Maven): Actually fix the use of insecure protocol to download/upload artifacts to GitHub Security Lab - 283 upvotes, $4000
  2. [Python] CWE-400: Regular Expression Injection to GitHub Security Lab - 72 upvotes, $4500
  3. Initial websocket support for Javascript (SockJS) to GitHub Security Lab - 66 upvotes, $1800
  4. Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks to GitHub Security Lab - 59 upvotes, $2300
  5. [ruby]: ZipSlip/TarSlip vulnerability detection to GitHub Security Lab - 54 upvotes, $5500
  6. Java/CWE-036: Calling openStream on URLs created from remote source can lead to file disclosure to GitHub Security Lab - 52 upvotes, $1800
  7. CodeQL query for finding LDAP Injection (CWE-90) vulnerabilities in Java to GitHub Security Lab - 51 upvotes, $3000
  8. [CPP]: Add query for CWE-805: Buffer Access with Incorrect Length Value using some functions to GitHub Security Lab - 43 upvotes, $1800
  9. [Java] CWE-326: Query to detect weak encryption with an insufficient key size to GitHub Security Lab - 41 upvotes, $4500
  10. [Java] CWE-555: Query to detect password in Java EE configuration files to GitHub Security Lab - 38 upvotes, $1800
  11. [Python] CWE-090: LDAP Injection to GitHub Security Lab - 33 upvotes, $4500
  12. Java (Maven): Use of insecure protocol to download/upload artifacts to GitHub Security Lab - 33 upvotes, $2300
  13. Java: Fix NashornScriptEngine detection in ScriptEngine query to GitHub Security Lab - 33 upvotes, $0
  14. [Java] CWE-079: Query to detect XSS with JavaServer Faces (JSF) to GitHub Security Lab - 31 upvotes, $1800
  15. LDAP injection vulnerability in Java to GitHub Security Lab - 29 upvotes, $2500
  16. Python : Add query to detect Server Side Template Injection to GitHub Security Lab - 29 upvotes, $0
  17. CodeQL query to detect JNDI injections to GitHub Security Lab - 28 upvotes, $2300
  18. [porcupiney.hairs]: [Python] Add Flask Path injection sinks to GitHub Security Lab - 28 upvotes, $0
  19. Java: Unsafe deserialization with Jackson to GitHub Security Lab - 26 upvotes, $4500
  20. Java: Static initialization vector to GitHub Security Lab - 22 upvotes, $1800
  21. CPP: Out of order Linux permission dropping without checking return codes to GitHub Security Lab - 22 upvotes, $0
  22. Java: Query for detecting JEXL injections to GitHub Security Lab - 20 upvotes, $4500
  23. Java: CWE-939 - Address improper URL authorization to GitHub Security Lab - 18 upvotes, $1500
  24. Golang : Hardcoded secret used for signing JWT to GitHub Security Lab - 18 upvotes, $0
  25. [Python] CWE-348: Client supplied ip used in security check to GitHub Security Lab - 17 upvotes, $0
  26. [javascript] CWE-020: CodeQL query to detect missing origin validation in cross-origin communication via postMessage to GitHub Security Lab - 16 upvotes, $0
  27. New experimental query: Clipboard-based XSS to GitHub Security Lab - 16 upvotes, $0
  28. Java: Query for detecting unsafe deserialization with Spring exporters to GitHub Security Lab - 15 upvotes, $4500
  29. [Java] CWE-755: Query to detect Local Android DoS caused by NFE to GitHub Security Lab - 15 upvotes, $1800
  30. C++: Support Pqxx connector to search for sql injections to Postgres to GitHub Security Lab - 14 upvotes, $4500
  31. Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation to GitHub Security Lab - 14 upvotes, $1500
  32. CPP: Out of order Linux permission dropping without checking return codes to GitHub Security Lab - 14 upvotes, $0
  33. CodeQL query for SpEL injections to GitHub Security Lab - 13 upvotes, $2300
  34. [Ruby]: Server Side Template Injection to GitHub Security Lab - 13 upvotes, $2300
  35. Java : CWE-548 - J2EE server directory listing enabled to GitHub Security Lab - 13 upvotes, $1800
  36. [Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator to GitHub Security Lab - 12 upvotes, $500
  37. Golang : Improvements to Golang SSRF query to GitHub Security Lab - 12 upvotes, $0
  38. [Java] JShell Injection to GitHub Security Lab - 12 upvotes, $0
  39. [Java] CWE-939 - Address improper URL authorization to GitHub Security Lab - 11 upvotes, $1800
  40. Java: An experimental query for ignored hostname verification to GitHub Security Lab - 11 upvotes, $1800
  41. Java: CWE-532 sensitive info logging to GitHub Security Lab - 11 upvotes, $500
  42. gagliardetto: Query to detect incorrect conversion between numeric types to GitHub Security Lab - 11 upvotes, $0
  43. Golang : Add Email Content Injection query to GitHub Security Lab - 11 upvotes, $0
  44. Java: CWE-600 Uncaught servlet exception to GitHub Security Lab - 10 upvotes, $1800
  45. [Python]: Timing attack to GitHub Security Lab - 10 upvotes, $1800
  46. Java: CWE-798 - Hardcoded AWS credentials to GitHub Security Lab - 10 upvotes, $1000
  47. [Java]: CWE-625 - Query to detect regex dot bypass to GitHub Security Lab - 10 upvotes, $1000
  48. [Java] CWE-094: Query to detect Groovy Code Injections to GitHub Security Lab - 10 upvotes, $0
  49. Golang : Add Query To Detect PAM Authorization Bugs to GitHub Security Lab - 10 upvotes, $0
  50. [Java] CWE-312: Query to detect cleartext storage of sensitive information using Android SharedPreferences to GitHub Security Lab - 9 upvotes, $4500
  51. Java: CWE-522 Insecure basic authentication to GitHub Security Lab - 9 upvotes, $2300
  52. Java: CWE-297 Insecure JavaMail SSL configuration to GitHub Security Lab - 9 upvotes, $1800
  53. [Java] CWE-598: Use of GET Request Method with Sensitive Query Strings to GitHub Security Lab - 9 upvotes, $1800
  54. CodeQL query to detect insecure MaxLengthRequest values in ASP.NET applications to GitHub Security Lab - 9 upvotes, $1000
  55. Java: Regex injection to GitHub Security Lab - 9 upvotes, $1000
  56. CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory to GitHub Security Lab - 9 upvotes, $1000
  57. PYTHON: CWE-079 - Add query for email injection to GitHub Security Lab - 8 upvotes, $4500
  58. CodeQL query to detect open Spring Boot actuator endpoints to GitHub Security Lab - 8 upvotes, $1800
  59. CodeQL query for unsafe TLS versions to GitHub Security Lab - 8 upvotes, $1800
  60. [Java] CWE-327: Add more broken crypto algorithms to GitHub Security Lab - 8 upvotes, $1800
  61. [Java]: Flow sources and steps for JMS and RabbitMQ to GitHub Security Lab - 8 upvotes, $1800
  62. CodeQL query to detect Server-Side Template Injections (JavaScript) to GitHub Security Lab - 8 upvotes, $0
  63. [cpp] CWE-787: query to detect unsigned integer to signed integer conversions used in pointer arithmetics to GitHub Security Lab - 7 upvotes, $4500
  64. Java: CWE-273 Unsafe certificate trust to GitHub Security Lab - 7 upvotes, $1800
  65. Java: Detect remote source from Android intent extra to GitHub Security Lab - 7 upvotes, $1800
  66. [Java] CWE-297: Insecure LDAP endpoint configuration to GitHub Security Lab - 7 upvotes, $1800
  67. [Java] CWE-1004: Query to check sensitive cookies without the HttpOnly flag set to GitHub Security Lab - 7 upvotes, $1000
  68. [python]: Zip Slip Vulnerability to GitHub Security Lab - 7 upvotes, $1000
  69. [CPP]: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc to GitHub Security Lab - 7 upvotes, $1000
  70. [CPP]Add query to detect bugs like CVE-2017-5123 to GitHub Security Lab - 7 upvotes, $1000
  71. Python : Add query to detect PAM authorization bypass to GitHub Security Lab - 7 upvotes, $0
  72. [Java] CWE-094: Rhino code injection to GitHub Security Lab - 6 upvotes, $1800
  73. [GO]: CWE-326: Insufficient key size to GitHub Security Lab - 6 upvotes, $1800
  74. Python: Add support of clickhouse-driver package to GitHub Security Lab - 6 upvotes, $1800
  75. ihsinme:CPP Add query for CWE-415 Double Free to GitHub Security Lab - 6 upvotes, $1800
  76. [Java]: CWE-665 Insecure environment during RMI/JMX Server initialisation - All for one bounty to GitHub Security Lab - 6 upvotes, $1800
  77. [Java] CWE-502: Unsafe deserialization with three JSON frameworks to GitHub Security Lab - 6 upvotes, $1800
  78. ihsinme: CPP add query for CWE-788 Access of memory location after the end of a buffer using strlen. to GitHub Security Lab - 6 upvotes, $1000
  79. [Go]: Add Beego.Input.RequestBody source to Beego framework to GitHub Security Lab - 6 upvotes, $1000
  80. [codeql-go]: Add query to find use of constant state parameter in Oauth2 flow to GitHub Security Lab - 6 upvotes, $0
  81. porcupiney.hairs : Java/Android - Insecure Loading of a Dex File to GitHub Security Lab - 6 upvotes, $0
  82. [Java] CWE-918: Added URLClassLoader and WebClient SSRF sinks to GitHub Security Lab - 6 upvotes, $0
  83. [Java]: Add XXE sinks to GitHub Security Lab - 6 upvotes, $0
  84. [GO]: [CWE-090: LDAP Injection All For One] to GitHub Security Lab - 6 upvotes, $0
  85. [Python]: Add Server-side Request Forgery sinks to GitHub Security Lab - 6 upvotes, $0
  86. CPP: Pam Authorization Bypass to GitHub Security Lab - 6 upvotes, $0
  87. [Python] Unsafe unpacking using shutil.unpack_archive() query and tests to GitHub Security Lab - 6 upvotes, $0
  88. [Java] CWE-927: Sensitive broadcast to GitHub Security Lab - 5 upvotes, $1800
  89. CPP: CWE-191 into experimental this reveals a dangerous comparison to GitHub Security Lab - 5 upvotes, $1800
  90. [JavaScript]: add query for Express-HBS LFR to GitHub Security Lab - 5 upvotes, $1800
  91. [Java] CWE-489: Query to detect main() method in Java EE applications to GitHub Security Lab - 5 upvotes, $1800
  92. ihsinme: CPP Add query for CWE-570 detect and handle memory allocation errors. to GitHub Security Lab - 5 upvotes, $1800
  93. ihsinme: CPP Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type to GitHub Security Lab - 5 upvotes, $1800
  94. Python: CWE-338 insecureRandomness to GitHub Security Lab - 5 upvotes, $1800
  95. CPP: Add query for CWE-266 Incorrect Privilege Assignment to GitHub Security Lab - 5 upvotes, $1800
  96. Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET to GitHub Security Lab - 5 upvotes, $1000
  97. CodeQL query to detect pages with validationRequest disabled to GitHub Security Lab - 5 upvotes, $1000
  98. CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java to GitHub Security Lab - 5 upvotes, $1000
  99. ihsinme: CPP Add query for CWE-14 compiler removal of code to clear buffers. to GitHub Security Lab - 5 upvotes, $1000
  100. ihsinme: CPP add query for: CPP Add query for CWE-20 Improper Input Validation to GitHub Security Lab - 5 upvotes, $1000
  101. [Java] CWE-759: Query to detect password hash without a salt to GitHub Security Lab - 5 upvotes, $1000
  102. ihsinme: CPP Add query for CWE-691 Insufficient Control Flow Management When Using Bit Operations to GitHub Security Lab - 5 upvotes, $1000
  103. [GO] CWE-1004: Sensitive cookie without HttpOnly to GitHub Security Lab - 5 upvotes, $1000
  104. CPP: Add query for CWE-377 Insecure Temporary File to GitHub Security Lab - 5 upvotes, $1000
  105. ihsinme: CPP Add a query to find incorrectly used exceptions. to GitHub Security Lab - 5 upvotes, $1000
  106. CodeQL query to detect weak (duplicated) encryption keys for ASP.NET Telerik Upload to GitHub Security Lab - 5 upvotes, $500
  107. Dynamic reflection class to GitHub Security Lab - 5 upvotes, $0
  108. codeql-go: Expand Go standard library taint-tracking models to 63 packages, 554 models and 733 tests (from ~13 packages, ~103 models, ~50 tests) to GitHub Security Lab - 5 upvotes, $0
  109. Golang : Add MongoDb NoSQL injection sinks to GitHub Security Lab - 5 upvotes, $0
  110. Java : Add query for detecting Log Injection vulenrabilities to GitHub Security Lab - 5 upvotes, $0
  111. Java: CWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') to GitHub Security Lab - 5 upvotes, $0
  112. Java: JSONP Injection to GitHub Security Lab - 5 upvotes, $0
  113. C# : Add query to detect Server Side Request Forgery to GitHub Security Lab - 5 upvotes, $0
  114. [Java]: Add JDBC connection SSRF sinks to GitHub Security Lab - 5 upvotes, $0
  115. C/C++: Command injection via wordexp to GitHub Security Lab - 5 upvotes, $0
  116. CodeQL query for MVEL injections to GitHub Security Lab - 4 upvotes, $2300
  117. CodeQL query for finding CSRF vulnerabilities in Spring applications to GitHub Security Lab - 4 upvotes, $1800
  118. [Java] Query for detecting Jakarta Expression Language injections to GitHub Security Lab - 4 upvotes, $1800
  119. [Java] CWE-094: Jython code injection to GitHub Security Lab - 4 upvotes, $1800
  120. ihsinme: CPP Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope to GitHub Security Lab - 4 upvotes, $1800
  121. Java: CodeQL query for unsafe RMI deserialization to GitHub Security Lab - 4 upvotes, $1800
  122. [Python]: CWE-611: XXE to GitHub Security Lab - 4 upvotes, $1800
  123. [Java]: CWE-073 - File path injection with the JFinal framework to GitHub Security Lab - 4 upvotes, $1800
  124. [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications to GitHub Security Lab - 4 upvotes, $1800
  125. [CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch to GitHub Security Lab - 4 upvotes, $1800
  126. [JavaScript]: CWE-1004: Sensitive cookie without HttpOnly to GitHub Security Lab - 4 upvotes, $1000
  127. JavaScript: Add some new XSS sinks and sources of Next.js (and some extra improvements) to GitHub Security Lab - 4 upvotes, $1000
  128. [CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation to GitHub Security Lab - 4 upvotes, $500
  129. Yet another SSRF query for Go to GitHub Security Lab - 4 upvotes, $450
  130. Yet another SSRF query for Go to GitHub Security Lab - 4 upvotes, $450
  131. [Java]: CWE-523 Insecure HSTS configuration to GitHub Security Lab - 4 upvotes, $250
  132. Yet another SSRF query for Javascript to GitHub Security Lab - 4 upvotes, $250
  133. XPath Injection query in java to GitHub Security Lab - 4 upvotes, $0
  134. Go/CWE-643: XPath Injection Query in Go to GitHub Security Lab - 4 upvotes, $0
  135. CPP: Missing/incomplete TLS server certificate hostname validation to GitHub Security Lab - 4 upvotes, $0
  136. Java : add MongoDB injection sinks to GitHub Security Lab - 4 upvotes, $0
  137. Java: Add SSRF query for Java to GitHub Security Lab - 4 upvotes, $0
  138. Java : Add query to detect Apache Struts enabled Development mode to GitHub Security Lab - 4 upvotes, $0
  139. Java : Add query for detecting Log Injection vulenrabilities to GitHub Security Lab - 4 upvotes, $0
  140. Java: CWE-346 Queries to detect remote source flow to CORS Headers to GitHub Security Lab - 4 upvotes, $0
  141. [Java] BeanShell Injection to GitHub Security Lab - 4 upvotes, $0
  142. [Java]: CWE-502 Add UnsafeDeserialization sinks to GitHub Security Lab - 4 upvotes, $0
  143. [Java]: CWE 295 - Insecure TrustManager - MiTM to GitHub Security Lab - 4 upvotes, $0
  144. [Python]: CWE-117 Log Injection to GitHub Security Lab - 4 upvotes, $0
  145. [Java] CWE-552: Unsafe url forward to GitHub Security Lab - 4 upvotes, $0
  146. Yet another SSRF query for Go to GitHub Security Lab - 4 upvotes, $0
  147. Java : Add query to detect Server Side Template Injection (SSTI) to GitHub Security Lab - 4 upvotes, $0
  148. [python] TarSlip vulnerability improvements to GitHub Security Lab - 4 upvotes, $0
  149. Java: Timing attacks while comparing results of cryptographic operations to GitHub Security Lab - 3 upvotes, $4500
  150. CodeQL query for disabled revocation checking to GitHub Security Lab - 3 upvotes, $1800
  151. [Java] CWE-522: Insecure LDAP authentication to GitHub Security Lab - 3 upvotes, $1800
  152. [Java]: CWE-730 Regex injection to GitHub Security Lab - 3 upvotes, $1800
  153. ihsinme: Add query for CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior to GitHub Security Lab - 3 upvotes, $1800
  154. [Java] CWE-200: Query to detect exposure of sensitive information from android file intent to GitHub Security Lab - 3 upvotes, $1800
  155. [Java]: CWE-200 - Query to detect insecure WebResourceResponse implementation to GitHub Security Lab - 3 upvotes, $1800
  156. [Java]: CWE-321 - Query to detect hardcoded JWT secret keys to GitHub Security Lab - 3 upvotes, $1800
  157. [CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf to GitHub Security Lab - 3 upvotes, $1800
  158. [JAVA]: Partial Path Traversal to GitHub Security Lab - 3 upvotes, $1800
  159. ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource to GitHub Security Lab - 3 upvotes, $1000
  160. [Java]: Timing attacks while comparing the headers value to GitHub Security Lab - 3 upvotes, $1000
  161. Yet another SSRF query for Javascript to GitHub Security Lab - 3 upvotes, $250
  162. [javascript] CWE-117: CodeQL query to detect Log Injection to GitHub Security Lab - 3 upvotes, $0
  163. [javascript] CWE-90: CodeQL to detect LDAP Injection to GitHub Security Lab - 3 upvotes, $0
  164. Java : Add a query to detect Spring View Manipulation Vulnerability to GitHub Security Lab - 3 upvotes, $0
  165. [Java]: CWE-601 Spring url redirection detect to GitHub Security Lab - 3 upvotes, $0
  166. [Java] CWE-078: Add JSch lib OS Command Injection sink to GitHub Security Lab - 3 upvotes, $0
  167. [JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass to GitHub Security Lab - 3 upvotes, $0
  168. [Java] CWE-295 - Incorrect Hostname Verification - MitM to GitHub Security Lab - 3 upvotes, $0
  169. [go]: Add query for detecting CORS misconfiguration to GitHub Security Lab - 3 upvotes, $0
  170. [Java] CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') to GitHub Security Lab - 3 upvotes, $0
  171. Yet another SSRF query for Javascript to GitHub Security Lab - 3 upvotes, $0
  172. Yet another SSRF query for Go to GitHub Security Lab - 3 upvotes, $0
  173. Yet another SSRF query for Javascript to GitHub Security Lab - 3 upvotes, $0
  174. CodeQL query to detect OGNL injections to GitHub Security Lab - 2 upvotes, $2300
  175. ihsinme: CPP Add query for CWE-401 memory leak on unsuccessful call to realloc function to GitHub Security Lab - 2 upvotes, $1800
  176. ihsinme: CPP add query for CWE-788 Access of memory location after the end of a buffer using strncat. to GitHub Security Lab - 2 upvotes, $1800
  177. [Python] CWE-287: LDAP Improper Authentication to GitHub Security Lab - 2 upvotes, $1800
  178. [Python] CWE-522: Insecure LDAP Authentication to GitHub Security Lab - 2 upvotes, $1800
  179. [Java] CWE-552: Query to detect unsafe request dispatcher usage to GitHub Security Lab - 2 upvotes, $1800
  180. [Python]: CWE-079: HTTP Header injection to GitHub Security Lab - 2 upvotes, $1800
  181. 3,880 Pull Requests Generated to fix JHipster RNG Vulnerability CVE-2019-16303 to GitHub Security Lab - 2 upvotes, $1500
  182. [C#]: HttpOnly and Secure Cookies for .NET Core and .NET to GitHub Security Lab - 2 upvotes, $1000
  183. ihsinme: CPP Add query for CWE-691 Insufficient Control Flow Management After Refactoring The Code to GitHub Security Lab - 2 upvotes, $500
  184. CWE-094 ScriptEngine in java to GitHub Security Lab - 2 upvotes, $0
  185. Query to find TLS configurations supporting hardcoded insecure versions of the protocol and cipher suites to GitHub Security Lab - 2 upvotes, $0
  186. Java : add fastjson detection. Improve RemoteFlowSource class, support SpringMvc to GitHub Security Lab - 2 upvotes, $0
  187. [Java] CWE-295: Disabled certificate validation in JXBrowser to GitHub Security Lab - 2 upvotes, $0
  188. [golang] Division by zero query to GitHub Security Lab - 2 upvotes, $0
  189. [Java] CWE-348: Use of less trusted source to GitHub Security Lab - 2 upvotes, $0
  190. [Java]: CWE 295 - Insecure TrustManager - MiTM to GitHub Security Lab - 2 upvotes, $0
  191. [Java] CWE-601: Add Spring URL Redirect ResponseEntity sink to GitHub Security Lab - 2 upvotes, $0
  192. [Python]: Add SqlAlchemy support for SQL injection query to GitHub Security Lab - 2 upvotes, $0
  193. [Python] CWE-943: Add NoSQL Injection Query to GitHub Security Lab - 2 upvotes, $0
  194. [Javascript]: [Clipboard-based XSS] to GitHub Security Lab - 2 upvotes, $0
  195. [python]: Add some dangerous sinks for paramiko ssh clients to GitHub Security Lab - 2 upvotes, $0
  196. Go : Add more JWT sinks to GitHub Security Lab - 2 upvotes, $0
  197. [C#]: Deserialization sinks to GitHub Security Lab - 1 upvotes, $4500
  198. [CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check to GitHub Security Lab - 1 upvotes, $1800
  199. CodeQL query to detect XSLT injections to GitHub Security Lab - 1 upvotes, $1800
  200. Java: QL Query Detector for JHipster Generated CVE-2019-16303 to GitHub Security Lab - 1 upvotes, $1800
  201. [Java] CWE-400: Query to detect uncontrolled thread resource consumption to GitHub Security Lab - 1 upvotes, $1800
  202. [Python]: JWT security-related queries to GitHub Security Lab - 1 upvotes, $1800
  203. [C#] CWE-759: Query to detect password hash without a salt to GitHub Security Lab - 1 upvotes, $1800
  204. CPP: Add query for CWE-369: Divide By Zero. to GitHub Security Lab - 1 upvotes, $1000
  205. CodeQL query to detect SSRF in Python to GitHub Security Lab - 1 upvotes, $500
  206. Java: CWE-918 - Server Side Request Forgery (SSRF) to GitHub Security Lab - 1 upvotes, $250
  207. [Java] CWE-295 - Incorrect Hostname Verification - MitM to GitHub Security Lab - 1 upvotes, $0
  208. [javascript] CWE-614: CodeQL query to detect if cookies are sent without the flag secure being set to GitHub Security Lab - 1 upvotes, $0
  209. Add check for disabled HTTPOnly setting in Tomcat to GitHub Security Lab - 1 upvotes, $0
  210. [JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass to GitHub Security Lab - 1 upvotes, $0
  211. [Java] CWE-089: MyBatis Mapper XML SQL Injection to GitHub Security Lab - 1 upvotes, $0
  212. [Python]: Add shutil module sinks for path injection query to GitHub Security Lab - 1 upvotes, $0
  213. [Python] Add Unicode Bypass Validation query tests and help to GitHub Security Lab - 1 upvotes, $0
  214. cpp: if (a+b>c) a=c-b is incorrect if a+b overflows to GitHub Security Lab - 0 upvotes, $4500
  215. [Javascript]: Add new queries for Javascript Github Actions to GitHub Security Lab - 0 upvotes, $1800
  216. [codeql-go]: Add CWE-79: HTML template escaping passthrough to GitHub Security Lab - 0 upvotes, $0
  217. [Python] Unsafe Unpacking and TarSlip bug slaying to GitHub Security Lab - 0 upvotes, $0