Skip to content

Pull requests: coreruleset/coreruleset

New pull request New
32 Open 1,758 Closed
32 Open 1,758 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

fix(920240, 920400): don't rely on content-type header backport:lts-4.25 PR that must be backported to LTS release release:fix
#4639 opened May 17, 2026 by EsadCetiner Member Loading…
1 of 12 tasks
1
feat: Add missing PostgreSQL and MySQL functions for error-based SQLi detection
#4637 opened May 11, 2026 by joe2005mahmoud-art Loading…
3
fix(932180): enforce boundaries for high-risk false positives entries
#4632 opened May 7, 2026 by EsadCetiner Member Loading…
6 of 12 tasks
1
13
feat: add base64 decode to 921140 and detect cpanel CVE-2026-41940 release:new-detection In this PR we introduce a new detection
#4628 opened May 3, 2026 by EsadCetiner Member Draft
3 of 12 tasks
4
test: add containerized default go-ftw tests to docker compose file
#4627 opened May 1, 2026 by studersi Contributor Loading…
6 of 12 tasks
5
feat: Expand web shells (v1)
#4626 opened Apr 26, 2026 by HackingRepo Contributor Loading…
6
fix(932): add backslash-prefix evasion to shell command detection
#4599 opened Mar 30, 2026 by zoutjebot Contributor Loading…
9
fix(932130): detect ANSI-C quoting hex-encoded commands
#4598 opened Mar 30, 2026 by zoutjebot Contributor Loading…
8
fix(942190,942230): detect SQLite == and GLOB, PostgreSQL ARRAY @>
#4597 opened Mar 30, 2026 by zoutjebot Contributor Loading…
3
fix(932270): require boundary before tilde expansion patterns
#4596 opened Mar 30, 2026 by zoutjebot Contributor Loading…
7
fix(932330): require non-alphanumeric prefix for bash negation pattern
#4595 opened Mar 30, 2026 by zoutjebot Contributor Loading…
7
fix(932): require arguments for base64, lastlog, lastlogin
#4593 opened Mar 30, 2026 by zoutjebot Contributor Loading…
6
fix(932): remove w from Unix no-arguments command list
#4592 opened Mar 30, 2026 by zoutjebot Contributor Loading…
9
fix(932): remove brace from Unix shell evasion prefix
#4591 opened Mar 30, 2026 by zoutjebot Contributor Loading…
4
fix(943110): remove generic session-id and session_id from PL1
#4590 opened Mar 30, 2026 by zoutjebot Contributor Loading…
8
fix(942550): restrict first SQLite/PostgreSQL branch to single-quote and backtick
#4589 opened Mar 30, 2026 by zoutjebot Contributor Loading…
2
feat(921300): Query delimiter confusion
#4571 opened Mar 26, 2026 by touchweb-vincent Contributor Loading…
2 of 11 tasks
5
refactor: create 941170 .ra file 🧙 regex-assembly release:refactor
#4493 opened Mar 1, 2026 by fzipi Member Loading…
4
fix(921422): reduce false positive Stale
#4433 opened Jan 28, 2026 by touchweb-vincent Contributor Loading…
2 of 11 tasks
1
feat(ci): Weekly quantitative tests release:ignore Ignore for changelog release
#4391 opened Dec 27, 2025 by M4tteoP Member Draft
2
feat(942500): stronger hardening to improve PL1 protection Stale
#4328 opened Nov 9, 2025 by touchweb-vincent Contributor Loading…
7
fix(942360): avoid c-type comment evasion Stale
#4325 opened Nov 7, 2025 by touchweb-vincent Contributor Loading…
3
feat: add rule 920442 on PL3 to detect more file extensions
#4324 opened Nov 7, 2025 by touchweb-vincent Contributor Loading…
5
feat: add rule 920550 on PL2 to detect more file extensions Stale
#4323 opened Nov 7, 2025 by touchweb-vincent Contributor Loading…
20
chore: improves quant output with run details release:ignore Ignore for changelog release
#4318 opened Nov 3, 2025 by M4tteoP Member Loading…
1
ProTip! Updated in the last three days: updated:>2026-05-15.