by nograpes 2423 days ago
In case anyone else was curious, the regular expression used is:

vulnpatterns = re.compile("(?i)(denial of service |\bXXE\b|remote code execution|\bopen redirect|OSVDB|\bvuln|\bCVE\b |\bXSS\b|\bReDoS\b|\bNVD\b|malicious|x-frame-options|attack|cross site |exploit|malicious|directory traversal |\bRCE\b|\bdos\b|\bXSRF \b|\bXSS\b|clickjack|session.fixation|hijack|\badvisory|\binsecure |security |\bcross-origin\b|unauthori[z|s]ed |infinite loop)")


This seems to be tuned towards web applications; I'd add things like "overflow", "corruption", and "disclose".
Indeed, good point. I'll add a set of regular expressions for bugs related to overflow, double-free or the like. Don't hesitate to make a pull-request or open an issue if you see anything missing.
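The gap discussed in this thread, as an added example that is not code from the project or from either commenter: an abridged copy of the quoted web-oriented pattern is run next to a hypothetical `MEMORY_PATTERN` built from the terms suggested in the reply. The commit ids and messages are constructed sample data, and the function names are assumptions.

```python
import re

# Abridged from the pattern quoted in the thread. Raw strings are used so that
# \b reaches the regex engine as a word boundary instead of a backspace.
WEB_PATTERN = re.compile(
    r"(?i)(denial of service|\bXXE\b|remote code execution|\bopen redirect"
    r"|\bvuln|\bCVE\b|\bXSS\b|\bRCE\b|\bdos\b|directory traversal"
    r"|clickjack|session.fixation|hijack|\badvisory|\binsecure|security"
    r"|unauthori[zs]ed|infinite loop|exploit|attack|malicious)"
)

# Hypothetical extension using the terms proposed in the comments
# ("overflow", "corruption", "disclose", double-free). Not the project's pattern.
MEMORY_PATTERN = re.compile(r"(?i)(overflow|corruption|\bdisclos|double.free)")

# Constructed commit messages (id, subject line).
COMMITS = [
    ("a1", "Fix XSS in comment preview"),
    ("a2", "Fix heap buffer overflow in PNG chunk parser"),
    ("a3", "Prevent double free on error path in tls_close()"),
    ("a4", "Do not disclose stack memory in error reply"),
    ("a5", "Set overflow: hidden on sidebar CSS"),  # benign, but contains "overflow"
    ("a6", "Bump version to 2.1.0"),
]


def hits(pattern, message):
    """Return the distinct lower-cased terms of `pattern` found in `message`."""
    return sorted({m.group(0).lower() for m in pattern.finditer(message)})


def triage(commits):
    """Map each commit id to the terms matched by each pattern family."""
    return {
        cid: {"web": hits(WEB_PATTERN, msg), "memory": hits(MEMORY_PATTERN, msg)}
        for cid, msg in commits
    }


def missed_by_web(commits):
    """Commit ids that only the memory-safety terms flag."""
    return [cid for cid, r in triage(commits).items() if r["memory"] and not r["web"]]


if __name__ == "__main__":
    for cid, result in triage(COMMITS).items():
        print(cid, result)
    print("flagged only by MEMORY_PATTERN:", missed_by_web(COMMITS))
```

Commit `a5` is flagged only because of a CSS property, so matches from either pattern are candidates for review rather than confirmed security fixes.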