https://securitylab.github.com/research/apache-dubbo/
https://securitylab.github.com/research/NSA-emissary/
https://securitylab.github.com/research/rhino-in-the-room/
https://securitylab.github.com/research/in-memory-data-grid-vulnerabilities/
https://securitylab.github.com/research/apache-struts-double-evaluation/
https://securitylab.github.com/research/apache-struts-CVE-2018-11776/
https://securitylab.github.com/research/apache-struts-vulnerability-cve-2017-9805/
https://github.com/githubsatelliteworkshops/codeql/blob/master/java.md
https://help.semmle.com/QL/ql-training/java/apache-struts-java.html#1
https://securitylab.github.com/research/spring-data-rest-CVE-2017-8046-ql/
https://securitylab.github.com/research/spring_amqp_exploit_CVE-2017-8045/
https://blog.gypsyengineer.com/en/security/detecting-dangerous-spring-exporters-with-codeql.html
https://infosecwriteups.com/analyzing-cve-2022-22980-to-discover-a-real-exploitable-path-in-the-source-code-review-process-with-145d97717656
https://securitylab.github.com/research/hessian-java-deserialization-castor-vulnerabilities/
https://securitylab.github.com/research/swagger-yaml-parser-vulnerability/
https://blog.gypsyengineer.com/en/security/detecting-dangerous-rmi-objects-with-codeql.html
https://medium.com/codex/hunting-for-xss-with-codeql-57f70763b938
https://intrigus.org/research/2021/08/05/finding-insecure-jwt-signature-validation-with-codeql/
https://securitylab.github.com/research/insecure-deserialization/
https://www.synacktiv.com/publications/finding-gadgets-like-its-2022.html
https://www.youtube.com/watch?v=qStzSfsEQGQ
https://betterprogramming.pub/how-to-find-and-fix-timing-attacks-in-your-java-code-11291a4f7cd
https://www.usenix.org/legacy/event/sec05/tech/full_papers/livshits/livshits.pdf https://hitcon.org/2020/slides/Discover%20vulnerabilities%20with%20CodeQL.pdf