Issues
Exclude Slack webhook sample URL
#3461 opened by dbarlett - 1
[Regression] unquoted-command-substitution-in-command & unquoted-variable-expansion-in-command [BASH] causes semgrep CRASH
#3449 opened by mjnowen - 1
NextJS node modules vulnerabilities
#3445 opened by Creakyinertia - 2
dockerfile.security.missing-user has a false positive related to HEALTHCHECK CMD
#3436 opened by saghaulor - 0
Editor logs out after removing - id line from the rule.
#3413 opened by or-akl - 0
False positives in storage-queue-services-logging for Azure Storage Accounts that don't use a storage queue
#3383 opened by thompsonbryce - 0
False positive in javascript.express.security.audit.xss.direct-response-write.direct-response-write
#3381 opened by nbrahms - 0
php.lang.security.injection.tainted-sql-string does not detect SQL statement with newline
#3376 opened by Sjord - 1
Duplicate rules for Slack webhook URL
#3345 opened by Sjord - 0
False Positive javascript.express_xss
#3339 opened by aviramshm - 0
unquoted-variable-expansion-in-command: False positive on arithmetic expressions "$((...))"
#3328 opened by AfroThundr3007730 - 0
False positive in java.lang.security.system.system-setproperty-hardcoded-secret
#3312 opened by Sjord - 2
Add mapping to CWE-353
#3134 opened by jmeit-fwdsec - 1
Incorrect Javascript rule for insecure web sockets
#3080 opened by iuliadmtru - 0
php.lang.security.non-literal-header incorrectly warns against response splitting
#3287 opened by Sjord - 0
Auto issue labeling workflow
#3286 opened by atarax665 - 5
False positive on php.lang.security.injection.tainted-sql-string.tainted-sql-string
#3252 opened by Sjord - 1
False positive on unquoted-attribute-var for Angular
#3205 opened by Sjord - 0
Ruby Rails tainted SQL String rule has wrong metadata
#3191 opened by 0xDC0DE - 0
Python unverified-jwt-decode rule deprecated
#3109 opened by spehill - 1
Remediation wrong for rule python.aws-lambda.security.dangerous-subprocess-use.dangerous-sub
#3162 opened by svbfromnl - 1
regular-expression-dos message
#3106 opened by Sjord - 0
[owasp.java.ssrf.java.net.url] False Negative When Detecting SSRF in the java.net.URL Sink
#2990 opened by SaeedHashem - 1
False positive in javascript.lang.correctness.useless-assign.useless-assignment
#3036 opened by Sjord - 0
Issue with detect-child-process rule
#3105 opened by joshbouncesecurity - 1
False positive in generic.nginx.security.missing-internal.missing-internal
#3057 opened by AlexanderSilaev - 0
False positives because python.flask.security.injection.ssrf-requests assumes every decorator is Flask
#3053 opened by underyx - 0
Unpacking fails dangerous-subprocess-use-audit
#3074 opened by CandiedCode - 0
Python. Ignore md5 when used with usedforsecurity
#3052 opened by SXHRYU - 4
harden-dompurify-usage deprecation
#3073 opened by aarongoldenthal - 1
Nginx false positive generic.nginx.security.insecure-redirect.insecure-redirect
#3050 opened by SXHRYU - 1
License confusion with Rules
#3033 opened by InternGoUser - 0
A false negative (miss) in asyncpg-sqli ruleset
#3027 opened by kholia - 2
[Rule] Dependency confusion
#3032 opened by Sjord - 0
Enhance Python eval() detection rule
#2999 opened by bluemarco - 0
c/lang/security/double-free.yaml false positive
#2995 opened by kostya253 - 2
Confirming licensing for rules.
#2954 opened by ajohnston9 - 1
False positive pattern in loop pointer rule
#2972 opened by romdr - 1