presidentbeef / brakeman Public

Notifications You must be signed in to change notification settings
Fork 747
Star 7.1k

Code
Issues 105
Pull requests 17
Discussions
Actions
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Wiki
Security
Insights

Pull requests: presidentbeef/brakeman

Labels 15 Milestones 1

New pull request New

17 Open 1,112 Closed

Author

Filter by author

Uh oh!

There was an error while loading. Please reload this page.

Label

Filter by label

Uh oh!

There was an error while loading. Please reload this page.

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Uh oh!

There was an error while loading. Please reload this page.

Milestones

Filter by milestone

Uh oh!

There was an error while loading. Please reload this page.

Reviews

Filter by reviews

No reviews Review required Approved review Changes requested

Assignee

Filter by who’s assigned

Assigned to nobody

Uh oh!

There was an error while loading. Please reload this page.

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Pull requests list

Improve ignored warnings layout

#1941 opened Jun 4, 2025 by inkstak

Loading…

Check for unsafe SQL when two arguments are passed to AR methods

#1936 opened Apr 23, 2025 by patbl

Loading…

Consider Tempfile.create.path as safe input

#1933 opened Apr 15, 2025 by aliismayilov

Loading…

Allow model paths for classifying files to be configured

#1930 opened Apr 1, 2025 by Catsuko

Loading…

Add support for namespaced safe_methods option

#1916 opened Jan 27, 2025 by evpgh

Loading…

Use lazy file lists in AppTree

#1913 opened Jan 21, 2025 by presidentbeef

Loading…

Do not treat private methods as routable

#1876 opened Oct 21, 2024 by presidentbeef

Loading…

https://github.com/presidentbeef/brakeman/issues/1841

#1842 opened Apr 30, 2024 by kwerle

Loading…

Fixed detection of UnscopedFind if optional: true is defined in the model and is not self-reference association

#1764 opened Mar 3, 2023 by NerdyBoyCool

Loading…

Additional CSRF deactivation checks

#1720 opened Jul 6, 2022 by jamgregory • Draft

1 of 6 tasks

Expand Regex DoS check to include String#match and #match? coercion

#1715 opened Jun 8, 2022 by bensheldon

Loading…

Shows ignored warnings on markdown output

#1712 opened May 24, 2022 by Maysora

Loading…

Fix markdown message with pipe character

#1711 opened May 24, 2022 by Maysora

Loading…

Add check for Host Authorization middleware

#1633 opened Aug 23, 2021 by p8

Loading…

[DRAFT] XSS in flash

#1594 opened May 24, 2021 by Karlotcha • Draft

Do dataflow on all of 'library' code

#1554 opened Jan 20, 2021 by presidentbeef

Loading…

Namespaced classes that are not fully qualified can cause difference in false positives/negatives (WIP)

#1523 opened Oct 16, 2020 by ChrisNJ58

Loading…

ProTip! Type g p on any issue or pull request to go back to the pull request listing page.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!