Skip to content
Navigation Menu
Toggle navigation
Sign in
Appearance settings
Platform
AI CODE CREATION
GitHub Copilot
Write better code with AI
GitHub Spark
Build and deploy intelligent apps
GitHub Models
Manage and compare prompts
MCP Registry
New
Integrate external tools
DEVELOPER WORKFLOWS
Actions
Automate any workflow
Codespaces
Instant dev environments
Issues
Plan and track work
Code Review
Manage code changes
APPLICATION SECURITY
GitHub Advanced Security
Find and fix vulnerabilities
Code security
Secure your code as you build
Secret protection
Stop leaks before they start
EXPLORE
Why GitHub
Documentation
Blog
Changelog
Marketplace
View all features
Solutions
BY COMPANY SIZE
Enterprises
Small and medium teams
Startups
Nonprofits
BY USE CASE
App Modernization
DevSecOps
DevOps
CI/CD
View all use cases
BY INDUSTRY
Healthcare
Financial services
Manufacturing
Government
View all industries
View all solutions
Resources
EXPLORE BY TOPIC
AI
Software Development
DevOps
Security
View all topics
EXPLORE BY TYPE
Customer stories
Events & webinars
Ebooks & reports
Business insights
GitHub Skills
SUPPORT & SERVICES
Documentation
Customer support
Community forum
Trust center
Partners
Open Source
COMMUNITY
GitHub Sponsors
Fund open source developers
PROGRAMS
Security Lab
Maintainer Community
Accelerator
Archive Program
REPOSITORIES
Topics
Trending
Collections
Enterprise
ENTERPRISE SOLUTIONS
Enterprise platform
AI-powered developer platform
AVAILABLE ADD-ONS
GitHub Advanced Security
Enterprise-grade security features
Copilot for Business
Enterprise-grade AI features
Premium Support
Enterprise-grade 24/7 support
Pricing
Search or jump to...
Search code, repositories, users, issues, pull requests...
Search syntax tips
Provide feedback
Saved searches
Use saved searches to filter your results more quickly
Sign in
Sign up
Appearance settings
Resetting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
github
/
codeql
Public
Notifications
You must be signed in to change notification settings
Fork
1.9k
Star
9.1k
Code
Issues
917
Pull requests
370
Discussions
Actions
Projects
0
Models
Security
Uh oh!
There was an error while loading.
Please reload this page
.
Insights
Additional navigation options
Code
Issues
Pull requests
Discussions
Actions
Projects
Models
Security
Insights
Commits
Branch selector
main
User selector
smowton
Datepicker
All time
Commit History
Commits on Dec 8, 2025
Merge pull request #20984 from github/rc/3.20
Show description for 359a28e
smowton
authored
359a28e
Copy full SHA for 359a28e
Merge pull request #20983 from smowton/smowton/feature/csharp-csrf-aspnetcore
Show description for ef991e5
smowton
authored
ef991e5
Copy full SHA for ef991e5
Change note
smowton
committed
79718b6
Copy full SHA for 79718b6
C# CSRF query: add support for ASP.NET Core
smowton
committed
5bb31af
Copy full SHA for 5bb31af
Commits on Dec 5, 2025
Merge pull request #20970 from github/smowton/admin/document-missing-actions-permissions-shortcomings
Show description for 86962c6
smowton
authored
86962c6
Copy full SHA for 86962c6
Actions: note imprecision of MissingActionsPermissions.ql
Show description for 02caa09
smowton
authored
02caa09
Copy full SHA for 02caa09
Commits on Oct 27, 2025
Merge pull request #20550 from github/smowton/admin/document-rails-5-csrf
Show description for 2e0e9e0
smowton
authored
2e0e9e0
Copy full SHA for 2e0e9e0
Commits on Oct 1, 2025
Optimise join order for varBlockReaches
smowton
authored and
owen-mc
committed
a3eb010
Copy full SHA for a3eb010
Merge pull request #20560 from smowton/smowton/fix/start-in-constructor-fp
Show description for f5ae5be
smowton
authored
f5ae5be
Copy full SHA for f5ae5be
Commits on Sep 30, 2025
Java: note that classes with entirely private constructors can't be subclassed
smowton
committed
f88daff
Copy full SHA for f88daff
Reword
smowton
authored
ff4b97b
Copy full SHA for ff4b97b
Commits on Sep 29, 2025
Note issue in related query
smowton
authored
f123935
Copy full SHA for f123935
Ruby: Update CSRF protection notes in documentation
Show description for 18c5cb1
smowton
authored
18c5cb1
Copy full SHA for 18c5cb1
Commits on Sep 25, 2025
Change note
smowton
authored
9e7a521
Copy full SHA for 9e7a521
Go: mistyped-exponentiation: notice constants with likely-bitmask values
smowton
committed
e9cccb4
Copy full SHA for e9cccb4
Commits on Sep 15, 2025
Merge pull request #20423 from smowton/smowton/fix/length-comparison-off-by-one-fp
Show description for c375f24
smowton
authored
c375f24
Copy full SHA for c375f24
Commits on Sep 12, 2025
Change note
smowton
committed
db5c581
Copy full SHA for db5c581
Amend docstring
smowton
committed
f5780ae
Copy full SHA for f5780ae
Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access
smowton
committed
4fb133a
Copy full SHA for 4fb133a
Commits on Aug 21, 2025
Merge pull request #20264 from github/smowton/admin/merge-rc319-into-main
Show description for 2d9470d
smowton
authored
2d9470d
Copy full SHA for 2d9470d
Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc319-into-main
smowton
committed
1829060
Copy full SHA for 1829060
Commits on Aug 18, 2025
Merge pull request #20241 from github/post-release-prep/codeql-cli-2.22.4
Show description for 238cb9c
smowton
authored
238cb9c
Copy full SHA for 238cb9c
Merge pull request #20240 from github/release-prep/2.22.4
Show description for 57378ec
smowton
authored
57378ec
Copy full SHA for 57378ec
Commits on Jul 16, 2025
Merge pull request #20065 from smowton/smowton/fix/web.config
Show description for d6a3b2e
smowton
authored
d6a3b2e
Copy full SHA for d6a3b2e
change note
smowton
committed
a537c00
Copy full SHA for a537c00
Commits on Jul 15, 2025
Merge pull request #20056 from github/smowton/fix/tainted-path-is-local
Show description for 16f3fc6
smowton
authored
16f3fc6
Copy full SHA for 16f3fc6
Fix function qname
smowton
committed
b71f9ae
Copy full SHA for b71f9ae
Change note
smowton
authored
ac72f85
Copy full SHA for ac72f85
Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard
smowton
authored
c8eefb7
Copy full SHA for c8eefb7
Commits on Jun 25, 2025
Fix typo
Show description for 2291e10
smowton
and
Copilot
authored
2291e10
Copy full SHA for 2291e10
Commits on Jun 18, 2025
Merge pull request #19496 from smowton/smowton/admin/cleanup-kotlin-versions
Show description for 4a14d35
smowton
authored
4a14d35
Copy full SHA for 4a14d35
Commits on Jun 5, 2025
Merge pull request #19675 from github/smowton/fix/abstract-env
Show description for fbae306
smowton
authored
fbae306
Copy full SHA for fbae306
Actions: Make `Env` non-abstract
Show description for 338d383
smowton
authored
338d383
Copy full SHA for 338d383
Commits on May 15, 2025
Inline version-specific override code where there is now only one version
smowton
committed
084222e
Copy full SHA for 084222e
Fold v_1_5_0 and v_1_5_20 files forwards into v_1_6_0, dropping any that are overridden
smowton
committed
79171a9
Copy full SHA for 79171a9
Pagination
Previous
Next
You can’t perform that action at this time.
