Skip to content

Pull requests: coreruleset/coreruleset

New pull request New
28 Open 1,748 Closed
28 Open 1,748 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

fix: Update restricted files to include Perl subdirectories
#4620 opened Apr 20, 2026 by HackingRepo Contributor Loading…
5
feat(934200): detect Server-Side Template Injection (SSTI) attacks
#4600 opened Mar 30, 2026 by zoutjebot Contributor Loading…
11
fix(932): add backslash-prefix evasion to shell command detection
#4599 opened Mar 30, 2026 by zoutjebot Contributor Loading…
9
fix(932130): detect ANSI-C quoting hex-encoded commands
#4598 opened Mar 30, 2026 by zoutjebot Contributor Loading…
7
fix(942190,942230): detect SQLite == and GLOB, PostgreSQL ARRAY @>
#4597 opened Mar 30, 2026 by zoutjebot Contributor Loading…
3
fix(932270): require boundary before tilde expansion patterns
#4596 opened Mar 30, 2026 by zoutjebot Contributor Loading…
4
fix(932330): require non-alphanumeric prefix for bash negation pattern
#4595 opened Mar 30, 2026 by zoutjebot Contributor Loading…
6
fix(932): require arguments for base64, lastlog, lastlogin
#4593 opened Mar 30, 2026 by zoutjebot Contributor Loading…
6
fix(932): remove w from Unix no-arguments command list
#4592 opened Mar 30, 2026 by zoutjebot Contributor Loading…
9
fix(932): remove brace from Unix shell evasion prefix
#4591 opened Mar 30, 2026 by zoutjebot Contributor Loading…
4
fix(943110): remove generic session-id and session_id from PL1
#4590 opened Mar 30, 2026 by zoutjebot Contributor Loading…
8
fix(942550): restrict first SQLite/PostgreSQL branch to single-quote and backtick
#4589 opened Mar 30, 2026 by zoutjebot Contributor Loading…
2
feat(921300): Query delimiter confusion
#4571 opened Mar 26, 2026 by touchweb-vincent Contributor Loading…
2 of 11 tasks
5
refactor: create 941170 .ra file 🧙 regex-assembly release:refactor
#4493 opened Mar 1, 2026 by fzipi Member Loading…
2
fix(921422): reduce false positive
#4433 opened Jan 28, 2026 by touchweb-vincent Contributor Loading…
2 of 11 tasks
1
feat(ci): Weekly quantitative tests release:ignore Ignore for changelog release
#4391 opened Dec 27, 2025 by M4tteoP Member Draft
2
feat(942500): stronger hardening to improve PL1 protection
#4328 opened Nov 9, 2025 by touchweb-vincent Contributor Loading…
7
fix(942360): avoid c-type comment evasion
#4325 opened Nov 7, 2025 by touchweb-vincent Contributor Loading…
3
feat: add rule 920442 on PL3 to detect more file extensions
#4324 opened Nov 7, 2025 by touchweb-vincent Contributor Loading…
5
feat: add rule 920550 on PL2 to detect more file extensions
#4323 opened Nov 7, 2025 by touchweb-vincent Contributor Loading…
20
chore: improves quant output with run details release:ignore Ignore for changelog release
#4318 opened Nov 3, 2025 by M4tteoP Member Loading…
1
fix(931130): Isolating 2-chars sequence with high risk of false positive on high entropy input ⚠️ do not merge Additional work or discussion is needed despite passing tests
#4304 opened Oct 22, 2025 by touchweb-vincent Contributor Loading…
27
feat: add 921500 - Nonstandard urlencode characters in path
#4302 opened Oct 22, 2025 by touchweb-vincent Contributor Loading…
3 of 11 tasks
11
feat: updated unix shell builtins release:new-detection In this PR we introduce a new detection
#4271 opened Sep 23, 2025 by Xhoenix Member Loading…
8
fix(942360): update sqli payloads release:fix release:refactor
#4238 opened Aug 11, 2025 by Xhoenix Member Loading…
1
8
ProTip! Follow long discussions with comments:>50.