Indexed, Verified
Config/YAML Security
Generic, YAML, shell, Dockerfile, and CI configuration SAST rules aggregated across verified providers.
Fetch pack
greprules pack fetch config-security --engine opengrep
curl https://api.greprules.io/api/packs/config-security.tar.gz -o config-security.tar.gz
Included rules
CVE-2018-25160: Perl Http Session2 Cve 2018 25160
cve-2018-25160-perl-http-session2-cve-2018-25160
CVE-2024-3196: Perl Backticks String Concat
cve-2024-3196-perl-backticks-string-concat
CVE-2025-54081: Sc Unquoted Search Path
cve-2025-54081-sc-unquoted-search-path
CVE-2025-54792: Dart Path Traversal Join
cve-2025-54792-dart-path-traversal-join
CVE-2026-33691: Modsecurity Upload Missing Removewhitespace
cve-2026-33691-modsecurity-upload-missing-removewhitespace
CVE-2024-21650: Xwiki Velocity Request Param Into Wiki Link
cve-2024-21650-xwiki-velocity-request-param-into-wiki-link
CVE-2024-31982: Xwiki Feed Output In Verbatim Block
cve-2024-31982-xwiki-feed-output-in-verbatim-block
CVE-2024-32641: Masacms Insecure Default Dynamic Content Flag
cve-2024-32641-masacms-insecure-default-dynamic-content-flag
CVE-2024-32656: Insecure Jmx Authentication
cve-2024-32656-insecure-jmx-authentication
CVE-2024-41127: Github Script Injection
cve-2024-41127-github-script-injection
CVE-2024-42489: Xwiki Velocity Unescaped Param In Rendering Syntax
cve-2024-42489-xwiki-velocity-unescaped-param-in-rendering-syntax
CVE-2024-45592: Twig Unescaped Trans Raw
cve-2024-45592-twig-unescaped-trans-raw
CVE-2024-45971: Libiec61850 Unsafe Create String From Buffer In Buffer
cve-2024-45971-libiec61850-unsafe-create-string-from-buffer-in-buffer
CVE-2024-47604: Razor Unquoted Attribute Xss
cve-2024-47604-razor-unquoted-attribute-xss
CVE-2024-52338: R Unsafe Unserialize Of Untrusted Bytes
cve-2024-52338-r-unsafe-unserialize-of-untrusted-bytes
CVE-2024-58134: Mojolicious Insecure Secret Generation
cve-2024-58134-mojolicious-insecure-secret-generation
CVE-2024-9014: Pgadmin Oauth2 Config Leak In Template
cve-2024-9014-pgadmin-oauth2-config-leak-in-template
CVE-2024-9486: Packer Proxmox Builder User Not Locked
cve-2024-9486-packer-proxmox-builder-user-not-locked
CVE-2025-10725: Kubernetes Clusterrolebinding System Authenticated
cve-2025-10725-kubernetes-clusterrolebinding-system-authenticated
CVE-2025-15604: Perl Insecure Random Rand Into Hash
cve-2025-15604-perl-insecure-random-rand-into-hash
CVE-2025-27614: Tcl Unescaped Pipeline Heredoc
cve-2025-27614-tcl-unescaped-pipeline-heredoc
CVE-2025-30220: Geonetwork Cve 2025 30220 Xxe Placeholder
cve-2025-30220-geonetwork-cve-2025-30220-xxe-placeholder
CVE-2025-32429: Xwiki Velocity Stale Orderby Validation
cve-2025-32429-xwiki-velocity-stale-orderby-validation
CVE-2025-40926: Perl Insecure Session Id From Rand Hash
cve-2025-40926-perl-insecure-session-id-from-rand-hash
CVE-2025-45611: Vulnerable Apache Shiro Version Auth Bypass
cve-2025-45611-vulnerable-apache-shiro-version-auth-bypass
CVE-2025-53368: Improper Mustache Unescaped Xss
cve-2025-53368-improper-mustache-unescaped-xss
CVE-2025-55727: Xwiki Velocity Macro Param Xwiki Syntax Injection
cve-2025-55727-xwiki-velocity-macro-param-xwiki-syntax-injection
CVE-2025-55729: Xwiki Velocity Macro Param Unescaped Wiki Syntax Injection
cve-2025-55729-xwiki-velocity-macro-param-unescaped-wiki-syntax-injection
CVE-2025-58178: Gha Run Command Injection
cve-2025-58178-gha-run-command-injection
CVE-2025-59360: Chaos Mesh Ctrlserver Exposed
cve-2025-59360-chaos-mesh-ctrlserver-exposed
CVE-2025-64112: Statamic Vue Ssti Missing V Pre
cve-2025-64112-statamic-vue-ssti-missing-v-pre
CVE-2025-64343: Nsis Admin Only Permission Hardening
cve-2025-64343-nsis-admin-only-permission-hardening
CVE-2025-65091: Xwiki Velocity Hql Injection
cve-2025-65091-xwiki-velocity-hql-injection
CVE-2025-65896: Python Sql Encoder Dict Unescaped Keys
cve-2025-65896-python-sql-encoder-dict-unescaped-keys
CVE-2025-66492: Cfc Alttable Sqli Generic
cve-2025-66492-cfc-alttable-sqli-generic
CVE-2026-2361: Postgresql Seclabels Security Definer
cve-2026-2361-postgresql-seclabels-security-definer
CVE-2026-24467: Yarnrc Missing Enable Scripts False
cve-2026-24467-yarnrc-missing-enable-scripts-false
CVE-2026-27613: Pascal Cgi Shell Escape Double Quote In Caret Set
cve-2026-27613-pascal-cgi-shell-escape-double-quote-in-caret-set
CVE-2026-27941: Github Actions Pull Request Target With Untrusted Checkout
cve-2026-27941-github-actions-pull-request-target-with-untrusted-checkout
CVE-2026-28808: Erlang Inets Mod Alias Which Alias Missing Script Alias
cve-2026-28808-erlang-inets-mod-alias-which-alias-missing-script-alias
CVE-2026-34243: Github Actions Untrusted Context In Run
cve-2026-34243-github-actions-untrusted-context-in-run
CVE-2026-34444: Lupa Luaruntime Attribute Filter Without Register Builtins False
cve-2026-34444-lupa-luaruntime-attribute-filter-without-register-builtins-false
CVE-2026-34841: Gha Npm Publish Static Secret Token Auth
cve-2026-34841-gha-npm-publish-static-secret-token-auth
CVE-2026-40906: Elixir Permissive Validator Catchall Ok
cve-2026-40906-elixir-permissive-validator-catchall-ok
CVE-2026-41163: Prctl Set Dumpable Unconditional
cve-2026-41163-prctl-set-dumpable-unconditional
CVE-2026-41431: Mozconfig Unverified Updates Enabled
cve-2026-41431-mozconfig-unverified-updates-enabled
CVE-2026-42302: Code Server Auth None Unauthenticated Rce
cve-2026-42302-code-server-auth-none-unauthenticated-rce
CVE-2026-44549: Xlsx Sheet To Html Stored Xss
cve-2026-44549-xlsx-sheet-to-html-stored-xss
CVE-2026-44895: Github Actions Publish Missing Event Type Guard
cve-2026-44895-github-actions-publish-missing-event-type-guard
CVE-2026-45318: Open Webui Excel To Table Unsanitized Html Assignment
cve-2026-45318-open-webui-excel-to-table-unsanitized-html-assignment
CVE-2026-45346: Svelte Unsanitized Html Directive Xss
cve-2026-45346-svelte-unsanitized-html-directive-xss
CVE-2026-46368: Openwrt Rpcd Init Command Injection
cve-2026-46368-openwrt-rpcd-init-command-injection
CVE-2026-46719: Perl Net Statsd Lite Metric Injection
cve-2026-46719-perl-net-statsd-lite-metric-injection
CVE-2026-47744: Livewire Password Get Leak
cve-2026-47744-livewire-password-get-leak
CVE-2026-8700: Perl Rand For Cryptographic Bytes
cve-2026-8700-perl-rand-for-cryptographic-bytes
CVE-2026-8704: Perl Unsafe Two Arg Open
cve-2026-8704-perl-unsafe-two-arg-open
Other Ios Self Signed Ssl
gitlab-sast-rules-lgpl-oc-other-rule-ios-self-signed-ssl
Other Ios Webview Ignore Ssl
gitlab-sast-rules-lgpl-oc-other-rule-ios-webview-ignore-ssl