This change log includes updates to detectors made in May 2026.
java-ffm-type-confusion
java-insecure-simple-web-server
java-resolver-race-condition
java-simple-web-server-uncontrolled-resource-consumption
java-unbounded-concurrent-task-creation
java-unsafe-memory-segment-access-no-bounds-check
python-asyncio-race-condition
python-asyncio-task-cleanup
python-debug-port-exposure
python-itertools-batched-resource-exhaustion
python-mass-assignment
python-zstd-unbounded-decompression
typescript-cdk-s3-overly-permissive-cors
java-sql-injection-ide
java-untrusted-load-java
kotlin-bad-hexa-conversion
kotlin-insufficient-key-size
kotlin-os-command-injection-ide
python-code-injection
python-file-injection
python-insecure-random
python-os-command-injection-ide
python-path-traversal-hb
python-path-traversal-ide
python-remote-debug-in-production
ruby-code-injection
ruby-code-injection-ide
ruby-cross-site-scripting
ruby-cross-site-scripting-ide
ruby-no-sql-injection-ide
ruby-os-command-injection-ide
ruby-path-injection
ruby-sql-injection-active-record
ruby-sql-injection-ide
ruby-untrusted-send
ruby-weak-hash-algorithm
scala-os-command-injection-ide
scala-weak-message-digest
typescript-path-traversal-ide
No rules were disabled in May 2026.