Skip to content

Pull requests: semgrep/semgrep-rules

New pull request New
104 Open 3,074 Closed
104 Open 3,074 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

feat: add TypeScript rules for mcp-command-injection and mcp-ssrf
#3874 opened Jun 7, 2026 by Lonkins Loading…
1
1
Add subprocess shell=True coverage for common APIs
#3872 opened Jun 6, 2026 by gell-deff Loading…
2
Add llm-output-to-sql taint rule for Python
#3871 opened Jun 5, 2026 by KezoSec Loading…
8
Add fastapi pickle deserialization
#3870 opened Jun 5, 2026 by decaphed Loading…
10
Fix command-injection-process-builder false negative on fluent ProcessBuilder().command()
#3868 opened Jun 4, 2026 by arpitjain099 Loading…
1
fix: correct YAML metadata syntax errors in apex, generic, rust rules
#3867 opened Jun 4, 2026 by jasonlhills Loading…
1
fix(java): weak-random misses stored Random instances
#3866 opened Jun 3, 2026 by arpitjain099 Loading…
1
fix(expat-xxe): match ESM import forms of node-expat
#3865 opened Jun 3, 2026 by arpitjain099 Loading…
1
fix(java.rmi): stop flagging RMI params of safe scalar array types
#3864 opened Jun 3, 2026 by arpitjain099 Loading…
1
3
fix(secrets): tighten heroku API key regex to remove false positives
#3863 opened Jun 3, 2026 by arpitjain099 Loading…
1
3
fix(django): stop django-no-csrf-token false positive on nested if blocks
#3862 opened Jun 3, 2026 by arpitjain099 Loading…
1
3
Add uv-script-unpinned-dependency rule (follow-up to #3791 / #3805)
#3861 opened Jun 2, 2026 by pid1 Contributor Loading…
2
Poetry and Ruby cooldown
#3860 opened Jun 2, 2026 by gbennett-squarespace Contributor Loading…
2
Add detect-groq AI usage rule
#3859 opened Jun 1, 2026 by u7k4rs6 Loading…
1
Add detect-ollama AI usage rule
#3858 opened Jun 1, 2026 by u7k4rs6 Loading…
2
feat: add MyBatis-Plus SQL injection detection rules
#3857 opened Jun 1, 2026 by kylie-dot Loading…
1
fix: asyncpg SQLi rule query-argument matching
#3855 opened May 31, 2026 by alexmac Loading…
4
fix(jjwt-none-alg): scope signWith check to same builder chain
#3854 opened May 27, 2026 by fr4nsyz Loading…
1
New Published Rules - five9.crlf-injection-logs-deepsemgrep-copy
#3853 opened May 26, 2026 by semgrep-dev-pr-bot Bot Loading…
New Published Rules - yumi2.untitleryhetr
#3852 opened May 22, 2026 by semgrep-dev-pr-bot Bot Loading…
New Published Rules - yumi2.newruletest
#3851 opened May 22, 2026 by semgrep-dev-pr-bot Bot Loading…
New Published Rules - hackerone_yumi.untitled_rule
#3850 opened May 22, 2026 by semgrep-dev-pr-bot Bot Loading…
Add oauth-state-unsigned-base64 rule for unsigned OAuth state forgery
#3849 opened May 20, 2026 by nedu-m Loading…
6
python/fastapi: add subprocess-shell-injection rule for command injection via shell=True
#3848 opened May 15, 2026 by gugacyber Loading…
Add lgpd-cpf-exposure: detect CPF PII exposure violating Brazilian LGPD
#3847 opened May 15, 2026 by gugacyber Loading…
ProTip! Updated in the last three days: updated:>2026-06-05.