Skip to content

Pull requests: semgrep/semgrep-rules

New pull request New
55 Open 3,029 Closed
55 Open 3,029 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

New Published Rules - forthlogicai.mcp-ssrf-taint-copy
#3745 opened Jan 20, 2026 by semgrep-dev-pr-bot bot Loading…
New Published Rules - preprocess SSTI in thymeleaf
#3744 opened Jan 18, 2026 by EvtDanya Loading…
2
Merge Develop into Release
#3742 opened Jan 16, 2026 by r2c-argo bot Loading…
New Published Rules - ahamedjobayer561_personal_org.mcp-auth-passthrough-taint-copy
#3741 opened Jan 14, 2026 by semgrep-dev-pr-bot bot Loading…
3
New Published Rules - raymond_tracing.never-return-pointers
#3740 opened Jan 14, 2026 by semgrep-dev-pr-bot bot Loading…
Update deprecation message for bnot operator
#3738 opened Jan 13, 2026 by JustCallMeRay Loading…
2
Bump urllib3 from 2.0.7 to 2.6.3 dependencies Pull requests that update a dependency file python Pull requests that update Python code
#3734 opened Jan 8, 2026 by dependabot bot Loading…
New Published Rules - javascript.xss.innerhtml-taint
#3731 opened Jan 4, 2026 by semgrep-dev-pr-bot bot Loading…
Fix #3729
#3730 opened Dec 25, 2025 by LucianoHanna Loading…
3
fix fn in ecb-cipher
#3728 opened Dec 23, 2025 by 9iang22 Loading…
New Published Rules - mikolaj_jeziorny.prestashop-mysql-smarty-cache-vuln
#3725 opened Dec 12, 2025 by semgrep-dev-pr-bot bot Loading…
New Published Rules - jort_vleenen_nl.tainted-sql-string
#3723 opened Dec 8, 2025 by semgrep-dev-pr-bot bot Loading…
2
New Published Rules - jort_vleenen_nl.tainted-sql-string-copy
#3722 opened Dec 8, 2025 by semgrep-dev-pr-bot bot Loading…
1
New Published Rules - muhanluo1234_personal_org.wp-hook-missing-auth-closures
#3720 opened Dec 7, 2025 by semgrep-dev-pr-bot bot Loading…
feat(rules): add Nigerian fintech hardcoded secret detectors by @Lloydcoder
#3719 opened Dec 6, 2025 by LloydCoder Loading…
2
New Published Rules - skajedevel_personal_org.xpath-injection-copy
#3713 opened Nov 23, 2025 by semgrep-dev-pr-bot bot Loading…
1
Add additional PHP LFI functions: file_get_contents, readfile, and fopen
#3711 opened Nov 14, 2025 by matejsmycka Loading…
2
New Published Rules - dominik_personal.nextjs-middleware-ssrf
#3710 opened Nov 2, 2025 by semgrep-dev-pr-bot bot Loading…
New Rules Proposal: Detect usage in java of an XML canonicalization method that excludes XML comments.
#3708 opened Oct 31, 2025 by righettod Loading…
1
New Rules Proposal: Detect usage of SHA1PRNG in java.
#3707 opened Oct 30, 2025 by righettod Loading…
1
New Rules Proposal: Detect exposure to log injection in java.
#3706 opened Oct 24, 2025 by righettod Loading…
1
Apply template scans to *.twig files
#3704 opened Oct 21, 2025 by Sjord Loading…
1
Update remediation suggestion for python.django.security.injection.open-redirect
#3703 opened Oct 20, 2025 by dimeko Loading…
1
Update formatted-sql-string rule message with better guidance
#3701 opened Sep 29, 2025 by stuartcmehrens Loading…
Add nextjs-images-wildcard-hostname security rule
#3700 opened Sep 28, 2025 by mortezapiri Loading…
1
ProTip! Adding no:label will show everything without a label.