CodeQL Wall of Fame
Join us in our mission to improve open source security for all
418 vulnerabilities found with the help of CodeQL
The GitHub Security Lab uses CodeQL to perform variant analysis, an important technique for identifying new instances of a known class of security vulnerability. The Security Lab and its community share their knowledge with developers, to benefit both open source and commercial organizations.
The CodeQL Wall of Fame is a (non-exhaustive) list of vulnerabilities that the GitHub Security Lab and our community have found using CodeQL. In most cases these vulnerabilities were detected as a direct result of a query launch. In other cases, CodeQL was used to explore the codebase faster and accelerate the manual audit.
Want to join us in our mission to improve open source security for all? Choose your own adventure to get started:
Get featured
Did you find a new CVE thanks to CodeQL? Open a submission to see your work displayed on the CodeQL Wall of Fame.
Secure your code
You are one click away from benefiting from the power of CodeQL on your open source codebase. For private code, contact sales.
Learn CodeQL
Dive into our Capture the Flag challenges designed to sharpen your abilities while mastering CodeQL.
April 17, 2025
Several vulnerabilities were found in Camaleon CMS. Three vulnerabilities (GHSL-2024-182, GHSL-2024-183, GHSL-2024-184) can be exploited by "normal" authenticated users. Camaleon CMS instances where self-registration is enabled (e.g. to leave comments on posts) are especially endangered by these vulnerabilities.
March 19, 2025
Applio 3.2.7 is vulnerable to unsafe deserialization, SSRF, arbitrary file write, arbitrary file read and arbitrary file removal.
February 13, 2025
Apache Superset is vulnerable to a Poisoned Pipeline Execution (PPE) attack which may lead to a full compromise of the apache/superset repository.