194 Pull requests merged by 35 people

• Java: Tag quality queries with quality and sub-category

  #19799 merged Jun 19, 2025

• Rust: backport Cargo.lock fixes for CI

  #19821 merged Jun 19, 2025

• Python: Tag quality queries with quality and sub category.

  #19812 merged Jun 19, 2025

• Update query-metadata-style-guide.md

  #19815 merged Jun 19, 2025

• Go: mass-enable diff-informed queries phase 2 - getASelected{Source,Sink}Location() { none() }

  #19760 merged Jun 19, 2025

• C++: mass-enable diff-informed queries phase 2 - getASelected{Source,Sink}Location() { none() }

  #19759 merged Jun 19, 2025

• Actions: mass-enable diff-informed queries phase 2 - getASelected{Source,Sink}Location() { none() }

  #19757 merged Jun 19, 2025

• Ruby: mass enable diff-informed data flow none() location overrides

  #19798 merged Jun 19, 2025

• JS: remove encodeURI from sanitizer list of request forgery

  #19750 merged Jun 19, 2025

• Python: Fix integration test

  #19818 merged Jun 19, 2025

• Java: mass enable diff-informed data flow + none() overrides

  #19795 merged Jun 19, 2025

• Go: Update tags for high precision quality queries

  #19763 merged Jun 19, 2025

• Rust: Account for borrows in operators in type inference

  #19789 merged Jun 19, 2025

• QL4QL: Add test for ql/inline-overlay-caller query

  #19810 merged Jun 19, 2025

• Python: mass enable diff-informed data flow none() location overrides

  #19797 merged Jun 19, 2025

• Swift: mass-enable diff-informed queries phase 2 - getASelected{Source,Sink}Location() { none() }

  #19761 merged Jun 19, 2025

• C#: mass-enable diff-informed queries phase 2 - getASelected{Source,Sink}Location() { none() }

  #19758 merged Jun 19, 2025

• C++: Add Arm scalable vector type QL classes

  #19792 merged Jun 18, 2025

• Quantum: Add OpenSSL signature models

  #19705 merged Jun 18, 2025

• Python: Modernize the init-calls-subclass query

  #19709 merged Jun 18, 2025

• Kotlin: clean up alternate-version code now that v1.5.x support is dropped

  #19496 merged Jun 18, 2025

• Add code-quality-extended query suites

  #19808 merged Jun 18, 2025

• Rust: Add new MaD format based on QL-computed canonical paths

  #19790 merged Jun 18, 2025

• Rust: Extend jump-to-def query with method calls

  #19809 merged Jun 18, 2025

• Rust: add proc-macro capabilities to QL tests

  #19800 merged Jun 18, 2025

• C++: fix typedef resolution in ArrayType

  #19805 merged Jun 18, 2025

• C#: Mass add quality queries to the Code Quality suite.

  #19783 merged Jun 18, 2025

• Rust: Make SummarizedCallable extend Function instead of string

  #19268 merged Jun 18, 2025

• Rust: do not remove Cargo.lock file when running QL tests

  #19803 merged Jun 17, 2025

• Ruby: Update quality tags.

  #19793 merged Jun 17, 2025

• Swift: mass enable diff-informed data flow

  #19662 merged Jun 17, 2025

• Go: mass enable diff-informed data flow

  #19660 merged Jun 17, 2025

• C++: mass enable diff-informed data flow

  #19663 merged Jun 17, 2025

• C#: mass enable diff-informed data flow

  #19661 merged Jun 17, 2025

• Actions: mass enable diff-informed data flow

  #19659 merged Jun 17, 2025

• C++: Retrieve namespace attributes

  #19773 merged Jun 17, 2025

• C++: Add exception edges out of calls inside try statements

  #19787 merged Jun 17, 2025

• JS: Improve XSS detection for serialize-javascript with tainted objects

  #19771 merged Jun 17, 2025

• C#: Handle non-unique type arguments when computing generics strings

  #19782 merged Jun 17, 2025

• C#: Add cs/gethashcode-is-not-defined to the Code Quality suite.

  #19716 merged Jun 17, 2025

• Overlay: Add QL for QL query to warn about possible non-inlining across overlay frontier

  #19590 merged Jun 17, 2025

• Shared: Make sure getMadRepresentation is unique

  #19777 merged Jun 16, 2025

• C++: Generate SEH edges for pointer dereference loads/stores in __try blocks

  #19775 merged Jun 16, 2025

• Rust: add Cargo.lock files to all tests with cargo check

  #19772 merged Jun 16, 2025

• C++: Use SEH exception edges in IR and generate SEH exception edges for calls in __try blocks

  #19746 merged Jun 16, 2025

• Rust: Type inference uses defaults for type parameters

  #19756 merged Jun 16, 2025

• Rust: regenerate models

  #19748 merged Jun 16, 2025

• CI: fix python version

  #19765 merged Jun 16, 2025

• C++: Add more MaD summaries

  #19753 merged Jun 13, 2025

• C++: Add support to __leave

  #19734 merged Jun 13, 2025

• Rust: Disambiguate some method calls based on argument types

  #19749 merged Jun 13, 2025

• Rust: Temporarily disable type information to flow into operands

  #19755 merged Jun 13, 2025

• Rust: Type inference for macro expressions

  #19751 merged Jun 13, 2025

• Java: Update the CFG for assert statements to make them proper guards.

  #19733 merged Jun 13, 2025

• Python: Modernize iter not returning self query

  #19554 merged Jun 13, 2025

• JS: Promote js/template-syntax-in-string-literal to the Code Quality suite.

  #19726 merged Jun 13, 2025

• Rust: Model String -> str implicit conversion in type inference

  #19737 merged Jun 13, 2025

• Rust: Use hasImplementation in path resolution

  #19745 merged Jun 13, 2025

• Add black pre-commit hook

  #19712 merged Jun 12, 2025

• Rust: Use QL computed canonical paths in MaD Field tokens

  #19667 merged Jun 12, 2025

• Rust: extract hasImplementation on functions and consts

  #19649 merged Jun 12, 2025

• Rust: Data flow through overloaded operators

  #19685 merged Jun 12, 2025

• Shared: Add elaborate QL doc to TypeInference.qll

  #19727 merged Jun 12, 2025

• JS: Promote js/suspicious-method-name-declaration to the Code Quality suite.

  #19741 merged Jun 12, 2025

• Rust: fix typo in README.md

  #19742 merged Jun 12, 2025

• Rust: Also apply adjustedAccessType in RelevantAccess

  #19729 merged Jun 12, 2025

• Rust: Add another type inference debug predicate

  #19728 merged Jun 12, 2025

• Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)

  #19738 merged Jun 12, 2025

• Rust: Generate canonical paths for builtins

  #19732 merged Jun 12, 2025

• Rust: move body skipping logic to code generation

  #19559 merged Jun 12, 2025

• Rust: Simple type inference for index expressions

  #19657 merged Jun 12, 2025

• Update precision java concatenated command line

  #19723 merged Jun 12, 2025

• Rust: Update RegexInjectionExtensions to use getCanonicalPath.

  #19735 merged Jun 12, 2025

• Changedocs 2.22.0

  #19740 merged Jun 11, 2025

• C++: Add boolean for explicit lambda parameter lists

  #19686 merged Jun 11, 2025

• fixing some improperly escaped URLs

  #19739 merged Jun 11, 2025

• Rust: Adjust the taint reach metric for better stability.

  #19718 merged Jun 11, 2025

• Rust: Fix various bad joins

  #19725 merged Jun 11, 2025

• JS: QL-side type/name resolution for TypeScript and JSDoc

  #19078 merged Jun 11, 2025

• C#: Improve cs/dereference-* queries and add to the Code Quality suite.

  #19589 merged Jun 11, 2025

• Rust: Implement type inference for ref expression as type equality

  #19724 merged Jun 11, 2025

• Rust: regenerate MaD files using DCA

  #19674 merged Jun 11, 2025

• JS: Promote js/regex/duplicate-in-character-class to quality

  #19711 merged Jun 11, 2025

• Rust: Fix bad join

  #19714 merged Jun 11, 2025

• Actions: Improve Bash parsing performance on command and string interpolations

  #19701 merged Jun 10, 2025

• Rust: Use get(An){Arg,Param} helper predicates

  #19717 merged Jun 10, 2025

• C++: Add basic Aarch64 Neon IR test

  #19715 merged Jun 10, 2025

• Rust: Model futures-io, rustls, futures-rustls

  #19626 merged Jun 10, 2025

• C#: Freeze quality queries in the security-and-quality suite.

  #19713 merged Jun 10, 2025

• Rust: add Callable::getParam and CallExprBase::getArg shortcuts

  #19708 merged Jun 10, 2025

• JS: Improve useless-expression query to avoid duplicate alerts on compound expressions

  #19579 merged Jun 10, 2025

• Rust: Type inference for .await expressions

  #19584 merged Jun 10, 2025

• Rust: fix crate graph test

  #19710 merged Jun 10, 2025

• Rust: Path resolution for extern crates

  #19614 merged Jun 10, 2025

• C++: Support the __mfp8 floating point type

  #19688 merged Jun 10, 2025

• Add cs/string-concatenation-in-loop to the quality suite

  #19650 merged Jun 10, 2025

• Post-release preparation for codeql-cli-2.22.0

  #19704 merged Jun 9, 2025

• Release preparation for version 2.22.0

  #19703 merged Jun 9, 2025

• CI: Expand list of packs/languages for change note validation

  #19700 merged Jun 9, 2025

• Swift: Update to Swift 6.1.2

  #19678 merged Jun 9, 2025

• Merge rc/3.18 back to main

  #19699 merged Jun 9, 2025

• C++: Update stats file after changes to DCA source suite

  #19679 merged Jun 9, 2025

• Go: promote html-template-escaping-bypass-xss

  #19386 merged Jun 6, 2025

• Bump the extractor-dependencies group in /go/extractor with 2 updates

  #19683 merged Jun 6, 2025

• Update CSV framework coverage reports

  #19673 merged Jun 5, 2025

• Actions: Make Env non-abstract

  #19675 merged Jun 5, 2025

• C++: accept new test results after changes

  #19533 merged Jun 5, 2025

• Rust: Remove external locations in tests using post-processing

  #19669 merged Jun 4, 2025

• Rust: add documentation for AST nodes

  #19630 merged Jun 4, 2025

• JS: new Quality query - Unhandled errors in .pipe() chain

  #19544 merged Jun 4, 2025

• C++: Update expected test results and compiler version documentation after frontend update

  #18931 merged Jun 4, 2025

• Go: Add BigQuery as a sink for SQLi queries #2

  #19561 merged Jun 4, 2025

• Quantum: Add base classes for OpenSSL EVP methods

  #19607 merged Jun 3, 2025

• C++: Add support for getting literals in using declarations

  #19603 merged Jun 3, 2025

• Docs: Add changelog entry for CodeQL 2.21.4 release

  #19643 merged Jun 3, 2025

• Ripunzip: update to 2.0.2

  #19644 merged Jun 3, 2025

• JS: Mark AngularJS $location as client-side remote flow source

  #19587 merged Jun 3, 2025

• C++: Fix typo in downgrade script

  #19652 merged Jun 3, 2025

• Rust: restrict line and file counts to include only extracted source files

  #19616 merged Jun 3, 2025

• Rust: Extend jump-to-def to include paths and mod file; imports

  #19605 merged Jun 3, 2025

• Quantum: Add OpenSSL key agreement instances and consumers

  #19632 merged Jun 2, 2025

• Rust: Refactor type equality

  #19624 merged Jun 2, 2025

• Quantum: Added signature input nodes to signature verify operation nodes

  #19623 merged Jun 2, 2025

• CI: remove deprecated windows-2019 usage

  #19642 merged Jun 2, 2025

• JS: Add URL constructor taint tracking for request forgery

  #19634 merged Jun 2, 2025

• Quantum: Add initial qltests for OpenSSL modeling

  #19564 merged Jun 2, 2025

• Fix user-facing casing of NuGet

  #19638 merged Jun 2, 2025

• Python: Add Pandas SQLi sinks

  #19594 merged Jun 2, 2025

• Rust: Also take the std prelude into account when resolving paths

  #19611 merged Jun 2, 2025

• Rust: skip unexpanded stuff in library emission

  #19585 merged Jun 2, 2025

• Bulk MAD generator: Support databases from DCA runs

  #19627 merged May 30, 2025

• Rust: use all features by default

  #19551 merged May 29, 2025

• Rust: Type inference for operator overloading

  #19593 merged May 29, 2025

• Rust: re-enable attribute macro expansion in library mode

  #19588 merged May 29, 2025

• QL tests: run with --check-diff-informed

  #19428 merged May 28, 2025

• Rust: delete leftover log statement

  #19612 merged May 28, 2025

• Ruby, Rust: add zstd compression option (and fix compression in Rust)

  #19613 merged May 28, 2025

• Rust: add more macro expansion tests

  #19600 merged May 28, 2025

• C++: Specify GNU version on min/max test

  #19606 merged May 28, 2025

• Go: Make type param test independent of standard library version

  #19532 merged May 28, 2025

• Go: Check more things while running tests

  #19491 merged May 28, 2025

• Rust: Also include prelude path resolution in Core

  #19580 merged May 28, 2025

• Post-release preparation for codeql-cli-2.21.4

  #19602 merged May 27, 2025

• Release preparation for version 2.21.4

  #19601 merged May 27, 2025

• Rust: Recognize more sensitive data sources

  #19470 merged May 27, 2025

• C++: Address comments from earlier Windows MaD PRs

  #19599 merged May 27, 2025

• Go: Explicitly check whether proxy env vars are empty

  #19598 merged May 27, 2025

• C++: Add missing ReadFileEx flow summary

  #19595 merged May 27, 2025

• Rust: Model Pin

  #19529 merged May 27, 2025

• Rust: add option to extract dependencies as source files

  #19583 merged May 27, 2025

• C#: Improve cs/missed-readonly-modifier and to code-quality suite.

  #19520 merged May 27, 2025

• C++: Add more Win32 flow sources

  #19591 merged May 27, 2025

• Rust: Only include relevant AST nodes in TypeMention

  #19557 merged May 27, 2025

• C++: Add Windows command line and environment models

  #19563 merged May 27, 2025

• Swift: Update to Swift 6.1.1

  #19576 merged May 27, 2025

• JS: Explicitly Filter Quality Queries for Inclusion in Security-and-Quality

  #19578 merged May 27, 2025

• Swift: Fix type string representation

  #19582 merged May 27, 2025

• Rust: Add more Operation subclasses

  #19562 merged May 27, 2025

• Rust: Resolve function calls to traits methods

  #19575 merged May 27, 2025

• Rust: turn off macro expansion in code to be expanded by attribute macros

  #19572 merged May 27, 2025

• Rangeanalysis: Simplify Guards integration.

  #19571 merged May 26, 2025

• Type inference: Simplify internal representation of type paths

  #19570 merged May 26, 2025

• Rust: extract source files of dependencies

  #19506 merged May 24, 2025

• Shared/C++: Handle non-standard return values in MaD flow sources/sinks

  #19569 merged May 23, 2025

• SSA: Distinguish between has and controls branch edge.

  #19567 merged May 23, 2025

• actions: add some missing permissions

  #19494 merged May 23, 2025

• Update CSV framework coverage reports

  #19566 merged May 23, 2025

• Crypto: Improve literal filtering for OpenSSL for algorithms and generic sources

  #19553 merged May 22, 2025

• Rust: Models for log_err

  #19546 merged May 22, 2025

• Fix SpringRequestMappingMethod URL Extraction: Use getAStringArrayValue Instead of getValue

  #19512 merged May 22, 2025

• Java: Fix SpringRequestMappingMethod URL Extraction #2

  #19556 merged May 22, 2025

• Java: Add test showing correct usage

  #19560 merged May 22, 2025

• DevEx: add temporary files created by some checks to .gitignore

  #19550 merged May 22, 2025

• C#: Re-generate .NET 9 Runtime models.

  #19480 merged May 22, 2025

• Swift: Clarify the tag in the Swift updating doc

  #19558 merged May 22, 2025

• Rust: Add ComparisonOperation library.

  #19535 merged May 22, 2025

• Rust: Remove unused impl type

  #19555 merged May 22, 2025

• JS: More efficient nested package naming

  #19516 merged May 22, 2025

• Rust: Compute canonical paths in QL

  #19134 merged May 22, 2025

• Crypto: Misc. refactoring and code clean up.

  #19552 merged May 21, 2025

• Rust: Improve performance of type inference

  #19534 merged May 21, 2025

• Quantum: Model missing OpenSSL EVP digest consumers

  #19545 merged May 21, 2025

• Quantum: Add OpenSSL PKEY algorithm value consumers.

  #19547 merged May 21, 2025

• Rust: Type inference for non-overloadable operators

  #19549 merged May 21, 2025

• Quantum: Model OpenSSL EC key generation

  #19541 merged May 21, 2025

• Rust: Model std::net and tokio fs, io, net

  #19446 merged May 21, 2025

• Java: Use the shared BasicBlocks library.

  #19505 merged May 21, 2025

• Exclude some queries from query suites by lowering their precision.

  #19507 merged May 21, 2025

• Rust: ignore target in qltest

  #19542 merged May 21, 2025

• Rust: Bulk model generator

  #19499 merged May 20, 2025

• C#: Update SDK version in integration test

  #19536 merged May 20, 2025

• Go: move to standard windows runner

  #19525 merged May 20, 2025

• Rust: Support non-universal impl blocks

  #19372 merged May 20, 2025

• Changenotes for 2.21.3

  #19531 merged May 20, 2025

55 Pull requests opened by 24 people

• Java: Queries for thread-safe classes

  #19539 opened May 20, 2025

• Java: Add test showing missing dispatch for incomplete parameterised type

  #19543 opened May 20, 2025

• Quantum: Support for BouncyCastle signature algorithms and block cipher modes

  #19568 opened May 23, 2025

• Shared/Java: Add shared Guards library and switch Java to use it.

  #19573 opened May 23, 2025

• Rust: Remove source vs library deduplication logic

  #19577 opened May 26, 2025

• Rust: skip private items when extracting library files

  #19581 opened May 26, 2025

• Diff-informed queries via primary/secondary abstractions

  #19586 opened May 27, 2025

• Experiment: Mark predicate inline to test QL-for-QL query

  #19609 opened May 28, 2025

• Experiment: Test QL-for-QL overlay[caller] query

  #19610 opened May 28, 2025

• JS: Deprecate type extraction

  #19640 opened Jun 2, 2025

• Python: Improve performance of FileNotClosed query by using basic block reachability

  #19641 opened Jun 2, 2025

• Rust: emit `Const` bodies in library mode

  #19651 opened Jun 3, 2025

• Go: fix models through redefined types

  #19653 opened Jun 3, 2025

• Go: fix `DefinedType.getBaseType`

  #19654 opened Jun 3, 2025

• JS: ClientRequests Axios Instance support

  #19655 opened Jun 3, 2025

• Add `client-response` Threat Model and update JS ClientsRequests

  #19656 opened Jun 3, 2025

• Rust: Fix type inference for library parameters

  #19658 opened Jun 3, 2025

• Python: Support type annotations in call graph

  #19672 opened Jun 4, 2025

• Fixes in cpp/global-use-before-init

  #19676 opened Jun 5, 2025

• Go: Improve two class names and add some helper predicates

  #19677 opened Jun 5, 2025

• JavaScript: Don't extract obviously generated files

  #19680 opened Jun 5, 2025

• Ruby: add support for extracting overlay databases

  #19684 opened Jun 6, 2025

• Rust: New query rust/access-after-lifetime-ended

  #19702 opened Jun 9, 2025

• fix qhelp files

  #19707 opened Jun 9, 2025

• Ruby: generate overlay discard predicates

  #19719 opened Jun 10, 2025

• Enhance `cpp/overflow-calculated` - detect out-of-bounds write caused by passing the buffer size in bytes (using sizeof) instead of the number of elements to wcsftime, allowing the function to overrun the allocated buffer.

  #19722 opened Jun 10, 2025

• Update qhelp style guide for markdown format

  #19730 opened Jun 11, 2025

• Ruby: enable overlay compilation

  #19731 opened Jun 11, 2025

• JS: Promote `js/loop-iteration-skipped-due-to-shifting` to the Code Quality suite

  #19743 opened Jun 12, 2025

• MaD generator: use `--threads=0` and 2GB per thread for `--ram` by default

  #19744 opened Jun 12, 2025

• Add CI workflow to check overlay annotations

  #19747 opened Jun 13, 2025

• Rust: Type inference for `for` loops and array expressions

  #19754 opened Jun 13, 2025

• Improve TypeORM model

  #19762 opened Jun 13, 2025

• Add lodash GroupBy as taint step

  #19768 opened Jun 13, 2025

• Improve NestJS sources and dependency injection

  #19769 opened Jun 14, 2025

• Improve data flow in the `async` package

  #19770 opened Jun 15, 2025

• Rust: limit number of diagnostics to 100 per trap file

  #19774 opened Jun 16, 2025

• JS: Mass promotion of queries to `quality` status

  #19776 opened Jun 16, 2025

• Overlay: Add script to help maintain overlay annotations

  #19778 opened Jun 16, 2025

• Overlay: Add overlay annotations to Java & shared libraries

  #19779 opened Jun 16, 2025

• Overlay: Add CI workflow to check overlay annotations

  #19780 opened Jun 16, 2025

• Go: remove language tests from workflows

  #19781 opened Jun 16, 2025

• JS: Improve Express middleware taint tracking

  #19784 opened Jun 16, 2025

• Rust: expand attribute macros on `AssocItem`

  #19786 opened Jun 16, 2025

• Rust: Update PoemHandlerParam to use getCanonicalPath

  #19801 opened Jun 17, 2025

• Rust: Update SqlxQuery, SqlxExecute to use getCanonicalPath

  #19802 opened Jun 17, 2025

• Rust: Update DotDotCheck to use getCanonicalPath

  #19804 opened Jun 17, 2025

• Java: Add manual overlay annotations & discard predicates

  #19813 opened Jun 18, 2025

• Crypto: Fix cpp-specific code scanning alert failure

  #19814 opened Jun 18, 2025

• Rust: Path resolution for `crate::{self as foo}`

  #19816 opened Jun 18, 2025

• Convert remaining `{go,swift,ruby,java}-code-scanning.qls` query tests to `.qlref`

  #19817 opened Jun 19, 2025

• Rust: adapt model generation to new format

  #19819 opened Jun 19, 2025

• Rust: Fix type inference for explicit dereference with `*` to the `Deref` trait

  #19820 opened Jun 19, 2025

• JS: Update Fastify tld

  #19822 opened Jun 19, 2025

• Rust: expand attribute macros on AssocItem

  #19823 opened Jun 19, 2025

22 Issues closed by 10 people

• can i still use old api for codeql？

  #19668 closed Jun 17, 2025

• Use After Free: Tracking alias

  #18791 closed Jun 13, 2025

• False positive

  #19766 closed Jun 13, 2025

• C/C++: `Gotostmt` also matches `__leave` keyword

  #19666 closed Jun 13, 2025

• [Java] Issue resolving dependences

  #19458 closed Jun 6, 2025

• BDD node limit of 2^^25 reached on Type erasure

  #19648 closed Jun 5, 2025

• Actions: Identifying keywords like `with`, `shell`

  #19629 closed Jun 5, 2025

• Vulnerable Python code is not detected by CWE-094 rule

  #14347 closed Jun 5, 2025

• C++: Multi-Level Member Function Calls Not Modeled as DataFlow::Node

  #19457 closed Jun 4, 2025

• How to speed up the execution

  #19471 closed Jun 4, 2025

• CodeQL DB missing half the source C files, getting compiled with no errors.

  #19066 closed Jun 3, 2025

• General issue

  #18406 closed May 31, 2025

• JAVA:could not resolve type MethodAccess

  #19615 closed May 28, 2025

• General issue: Cannot upgrade database

  #4034 closed May 22, 2025

• Uninformative error message from qltest when there are no source files

  #3406 closed May 22, 2025

• General issue

  #3289 closed May 22, 2025

• How to open rel file in a CodeQL database？

  #3100 closed May 22, 2025

• Can vscode open the Path Explore?

  #3017 closed May 22, 2025

• Build error in C#8

  #2952 closed May 22, 2025

• CLI incompatible with dataset

  #2548 closed May 22, 2025

• False positive in C/C++ dead code detection

  #19399 closed May 21, 2025

• CodeQL detected code written in Java/Kotlin but could not process any of it

  #19527 closed May 20, 2025

19 Issues opened by 18 people

• CodeQL analysis does not detect expected command injection vulnerability

  #19811 opened Jun 18, 2025

• General issue Go. Why isn't the following code recognized as a source in a global data stream?

  #19807 opened Jun 18, 2025

• Support for `.slnx` Solution Format Not Yet Implemented

  #19767 opened Jun 13, 2025

• Add support for Oracle Call Interface (OCI) to C/C++ coverage

  #19764 opened Jun 13, 2025

• Taint step for the Gradio framework

  #19752 opened Jun 13, 2025

• Extraction error with tsg-python

  #19736 opened Jun 11, 2025

• CodeQL unable to find out sources of a chosen dataflow node in Javascript

  #19720 opened Jun 10, 2025

• Add new state: Unicode compatibility normalization

  #19706 opened Jun 9, 2025

• Code scanning doesn't run on pull request in organization repo

  #19698 opened Jun 8, 2025

• False Positive: "Statement has no effect" on Airflow task chaining with >> operator

  #19687 opened Jun 6, 2025

• False positive: Env var is from config, not vault, and contains the name of another env var

  #19681 opened Jun 5, 2025

• Code scanning is waiting for results from CodeQL; CodeQL is stuck

  #19671 opened Jun 4, 2025

• Kotlin language database create bug?

  #19670 opened Jun 4, 2025

• CodeQL Docs: SnakeYaml is now secure by default

  #19664 opened Jun 3, 2025

• Call chain analysis exception

  #19637 opened Jun 1, 2025

• Actions: imprecise action references in model data

  #19635 opened May 30, 2025

• Java: static field access of unknown class breaks dataflow (build-mode=none)

  #19597 opened May 27, 2025

• Java: Generic Class Methods not connected when type parameter is unknown (build-mode=none)

  #19538 opened May 20, 2025

• False positive: Go / MongoDB Find method

  #19537 opened May 20, 2025

14 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Rust: update docs

  #19280 commented on Jun 19, 2025 • 41 new comments

• Rust: upgrade `rust-analyzer` to 0.0.287

  #19524 commented on Jun 18, 2025 • 3 new comments

• [JAVA] [GRADLE] OOM Issue with GitHub Autobuilder for Kotlin

  #19374 commented on May 20, 2025 • 0 new comments

• CWE(s) in Kotlin not being detected by java-kotlin queries?

  #19517 commented on May 21, 2025 • 0 new comments

• False positives in cpp/user-after-free

  #19387 commented on May 22, 2025 • 0 new comments

• Add support for Swift 6.1 / Xcode 16.3 with Autobuild

  #19522 commented on Jun 2, 2025 • 0 new comments

• [Bug] Spurious `remote: error: GH013: Repository rule violations found for refs/heads/trunk.` `remote: - Code scanning is waiting for results from CodeQL for the commit`

  #19459 commented on Jun 3, 2025 • 0 new comments

• C++: request for support more C++ features to avoid failures in CodeQL compile

  #16652 commented on Jun 4, 2025 • 0 new comments

• Ruby NetHttpRequest improvements

  #19294 commented on Jun 10, 2025 • 0 new comments

• [Java] Dataflow through object

  #18680 commented on Jun 17, 2025 • 0 new comments

• C++: Handle explicitly instantiated templates

  #16075 commented on Jun 17, 2025 • 0 new comments

• temp

  #18230 commented on Jun 2, 2025 • 0 new comments

• Bump crossbeam-channel from 0.5.14 to 0.5.15 in the cargo group across 1 directory

  #19275 commented on May 20, 2025 • 0 new comments

• Add Microsoft to trusted actions owner

  #19450 commented on Jun 5, 2025 • 0 new comments