{% rowheaders %}

| Query name | Related CWEs | Default | Extended | {% data variables.copilot.copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/javascript/js-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/javascript/js-bad-tag-filter/) | 020, 080, 116, 184, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Case-sensitive middleware path](https://codeql.github.com/codeql-query-help/javascript/js-case-sensitive-middleware-path/) | 178 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear text storage of sensitive information](https://codeql.github.com/codeql-query-help/javascript/js-clear-text-storage-of-sensitive-data/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear text transmission of sensitive cookie](https://codeql.github.com/codeql-query-help/javascript/js-clear-text-cookie/) | 614, 311, 312, 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/javascript/js-clear-text-logging/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Client-side cross-site scripting](https://codeql.github.com/codeql-query-help/javascript/js-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Client-side URL redirect](https://codeql.github.com/codeql-query-help/javascript/js-client-side-unvalidated-url-redirection/) | 079, 116, 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Code injection](https://codeql.github.com/codeql-query-help/javascript/js-code-injection/) | 094, 095, 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [CORS misconfiguration for credentials transfer](https://codeql.github.com/codeql-query-help/javascript/js-cors-misconfiguration-for-credentials/) | 346, 639, 942 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Creating biased random numbers from a cryptographically secure source](https://codeql.github.com/codeql-query-help/javascript/js-biased-cryptographic-random/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cross-window communication with unrestricted target origin](https://codeql.github.com/codeql-query-help/javascript/js-cross-window-information-leak/) | 201, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Database query built from user-controlled sources](https://codeql.github.com/codeql-query-help/javascript/js-sql-injection/) | 089, 090, 943 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Dependency download using unencrypted communication channel](https://codeql.github.com/codeql-query-help/javascript/js-insecure-dependency/) | 300, 319, 494, 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabling certificate validation](https://codeql.github.com/codeql-query-help/javascript/js-disabling-certificate-validation/) | 295, 297 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabling Electron webSecurity](https://codeql.github.com/codeql-query-help/javascript/js-disabling-electron-websecurity/) | 079 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabling SCE](https://codeql.github.com/codeql-query-help/javascript/js-angular-disabling-sce/) | 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [DOM text reinterpreted as HTML](https://codeql.github.com/codeql-query-help/javascript/js-xss-through-dom/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Double compilation](https://codeql.github.com/codeql-query-help/javascript/js-angular-double-compilation/) | 1176 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Double escaping or unescaping](https://codeql.github.com/codeql-query-help/javascript/js-double-escaping/) | 116, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Download of sensitive file through insecure connection](https://codeql.github.com/codeql-query-help/javascript/js-insecure-download/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Enabling Electron allowRunningInsecureContent](https://codeql.github.com/codeql-query-help/javascript/js-enabling-electron-insecure-content/) | 494 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Exception text reinterpreted as HTML](https://codeql.github.com/codeql-query-help/javascript/js-xss-through-exception/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Exposure of private files](https://codeql.github.com/codeql-query-help/javascript/js-exposure-of-private-files/) | 200, 219, 548 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Host header poisoning in email generation](https://codeql.github.com/codeql-query-help/javascript/js-host-header-forgery-in-email-generation/) | 640 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper code sanitization](https://codeql.github.com/codeql-query-help/javascript/js-bad-code-sanitization/) | 094, 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inclusion of functionality from an untrusted source](https://codeql.github.com/codeql-query-help/javascript/js-functionality-from-untrusted-source/) | 830 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Incomplete HTML attribute sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-html-attribute-sanitization/) | 079, 116, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete multi-character sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-multi-character-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete string escaping or encoding](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL scheme check](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-url-scheme-check/) | 020, 184 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL substring sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-url-substring-sanitization/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incorrect suffix check](https://codeql.github.com/codeql-query-help/javascript/js-incorrect-suffix-check/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/javascript/js-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through a stack trace](https://codeql.github.com/codeql-query-help/javascript/js-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure configuration of Helmet security middleware](https://codeql.github.com/codeql-query-help/javascript/js-insecure-helmet-configuration/) | 693, 1021 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure randomness](https://codeql.github.com/codeql-query-help/javascript/js-insecure-randomness/) | 338 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure URL whitelist](https://codeql.github.com/codeql-query-help/javascript/js-angular-insecure-url-whitelist/) | 183, 625 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [JWT missing secret or public key verification](https://codeql.github.com/codeql-query-help/javascript/js-jwt-missing-verification/) | 347 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Loop bound injection](https://codeql.github.com/codeql-query-help/javascript/js-loop-bound-injection/) | 834, 730 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing CSRF middleware](https://codeql.github.com/codeql-query-help/javascript/js-missing-token-validation/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing rate limiting](https://codeql.github.com/codeql-query-help/javascript/js-missing-rate-limiting/) | 770, 307, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive regular expression range](https://codeql.github.com/codeql-query-help/javascript/js-overly-large-range/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Permissive CORS configuration](https://codeql.github.com/codeql-query-help/javascript/js-cors-permissive-configuration/) | 942 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/javascript/js-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Prototype-polluting assignment](https://codeql.github.com/codeql-query-help/javascript/js-prototype-polluting-assignment/) | 078, 079, 094, 400, 471, 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Prototype-polluting function](https://codeql.github.com/codeql-query-help/javascript/js-prototype-pollution-utility/) | 078, 079, 094, 400, 471, 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Prototype-polluting merge call](https://codeql.github.com/codeql-query-help/javascript/js-prototype-pollution/) | 078, 079, 094, 400, 471, 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Reflected cross-site scripting](https://codeql.github.com/codeql-query-help/javascript/js-reflected-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/javascript/js-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Replacement of a substring with itself](https://codeql.github.com/codeql-query-help/javascript/js-identity-replacement/) | 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Resource exhaustion](https://codeql.github.com/codeql-query-help/javascript/js-resource-exhaustion/) | 400, 770 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Resources exhaustion from deep object traversal](https://codeql.github.com/codeql-query-help/javascript/js-resource-exhaustion-from-deep-object-traversal/) | 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Second order command injection](https://codeql.github.com/codeql-query-help/javascript/js-second-order-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Sensitive data read from GET request](https://codeql.github.com/codeql-query-help/javascript/js-sensitive-get-query/) | 598 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Sensitive server cookie exposed to the client](https://codeql.github.com/codeql-query-help/javascript/js-client-exposed-cookie/) | 1004 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server crash](https://codeql.github.com/codeql-query-help/javascript/js-server-crash/) | 248, 730 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server-side request forgery](https://codeql.github.com/codeql-query-help/javascript/js-request-forgery/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server-side URL redirect](https://codeql.github.com/codeql-query-help/javascript/js-server-side-unvalidated-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Shell command built from environment values](https://codeql.github.com/codeql-query-help/javascript/js-shell-command-injection-from-environment/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Storage of sensitive information in build artifact](https://codeql.github.com/codeql-query-help/javascript/js-build-artifact-leak/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Stored cross-site scripting](https://codeql.github.com/codeql-query-help/javascript/js-stored-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Template Object Injection](https://codeql.github.com/codeql-query-help/javascript/js-template-object-injection/) | 073, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Type confusion through parameter tampering](https://codeql.github.com/codeql-query-help/javascript/js-type-confusion-through-parameter-tampering/) | 843 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled command line](https://codeql.github.com/codeql-query-help/javascript/js-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/javascript/js-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unnecessary use of `cat` process](https://codeql.github.com/codeql-query-help/javascript/js-unnecessary-use-of-cat/) | 078 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe dynamic method access](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-dynamic-method-access/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe expansion of self-closing HTML tag](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-html-expansion/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe HTML constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-html-constructed-from-input/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe jQuery plugin](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-jquery-plugin/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe shell command constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-shell-command-constructed-from-input/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Untrusted domain used in script or other content](https://codeql.github.com/codeql-query-help/javascript/js-functionality-from-untrusted-domain/) | 830 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Unvalidated dynamic method call](https://codeql.github.com/codeql-query-help/javascript/js-unvalidated-dynamic-method-call/) | 754 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/javascript/js-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a weak cryptographic key](https://codeql.github.com/codeql-query-help/javascript/js-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of externally-controlled format string](https://codeql.github.com/codeql-query-help/javascript/js-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of password hash with insufficient computational effort](https://codeql.github.com/codeql-query-help/javascript/js-insufficient-password-hash/) | 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Useless regular-expression character escape](https://codeql.github.com/codeql-query-help/javascript/js-useless-regexp-character-escape/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/javascript/js-xxe/) | 611, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML internal entity expansion](https://codeql.github.com/codeql-query-help/javascript/js-xml-bomb/) | 776, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XPath injection](https://codeql.github.com/codeql-query-help/javascript/js-xpath-injection/) | 643 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Client-side request forgery](https://codeql.github.com/codeql-query-help/javascript/js-client-side-request-forgery/) | 918 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Empty password in configuration file](https://codeql.github.com/codeql-query-help/javascript/js-empty-password-in-configuration-file/) | 258, 862 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Failure to abandon session](https://codeql.github.com/codeql-query-help/javascript/js-session-fixation/) | 384 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [File data in outbound network request](https://codeql.github.com/codeql-query-help/javascript/js-file-access-to-http/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Hard-coded data interpreted as code](https://codeql.github.com/codeql-query-help/javascript/js-hardcoded-data-interpreted-as-code/) | 506 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Indirect uncontrolled command line](https://codeql.github.com/codeql-query-help/javascript/js-indirect-command-line-injection/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure temporary file](https://codeql.github.com/codeql-query-help/javascript/js-insecure-temporary-file/) | 377, 378 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Log injection](https://codeql.github.com/codeql-query-help/javascript/js-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing origin verification in `postMessage` handler](https://codeql.github.com/codeql-query-help/javascript/js-missing-origin-check/) | 020, 940 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/javascript/js-regex-missing-regexp-anchor/) | 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Network data written to file](https://codeql.github.com/codeql-query-help/javascript/js-http-to-file-access/) | 912, 434 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Potential file system race condition](https://codeql.github.com/codeql-query-help/javascript/js-file-system-race/) | 367 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Remote property injection](https://codeql.github.com/codeql-query-help/javascript/js-remote-property-injection/) | 250, 400 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Sensitive cookie without SameSite restrictions](https://codeql.github.com/codeql-query-help/javascript/js-samesite-none-cookie/) | 1275 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe code constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-code-construction/) | 094, 079, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [User-controlled bypass of security check](https://codeql.github.com/codeql-query-help/javascript/js-user-controlled-bypass/) | 807, 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |

{% endrowheaders %}