Threat Intelligence Digest: May 2026
This digest covers 3,018 threat rule detections across 271 repositories.
Methodology: Analysis performed using Repobility’s proprietary multi-dimensional scanning engine.
Rule Category Breakdown
| Category | Detections | Percentage |
|---|---|---|
| Security Rules | 1,857 | 61.5% |
| Error Handling Rules | 1,017 | 33.7% |
| Configuration Rules | 144 | 4.8% |
Severity Distribution
| Severity | Count |
|---|---|
| Medium | 1,185 |
| Info | 969 |
| High | 438 |
| Low | 333 |
| Critical | 93 |
Most Active Rules
| Rule | Description | Detections |
|---|---|---|
| [ERR002] | Empty Catch Block: Empty catch blocks hide errors. | 374 |
| [SEC020] | Secret Printed to Logs: Debug or diagnostic code appears to print a credential-b | 355 |
| [SEC015] | Insecure Randomness for Security: Weak PRNG used in security-sensitive context. | 331 |
| [ERR001] | Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even | 268 |
| [SEC006] | XSS Risk: Direct HTML injection without sanitization. | 159 |
| [CFG003] | Docker COPY Everything: Copying entire directory may include secrets and build a | 117 |
| [SEC013] | Path Traversal — User Input in File Path: User-controlled input used in file pat | 98 |
| [ERR003] | Ignored Error (Go): Ignoring error return values. | 98 |
| [SEC005] | Command Injection Risk: Unsafe shell execution or eval of user input. | 76 |
| [SEC016] | LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolat | 75 |
| [SEC017] | Unbounded Input to LLM/External API: User input is passed to an LLM or external | 62 |
| [SEC012] | ZipSlip — Archive Path Traversal: Archive extraction without path validation all | 60 |
| [SEC004] | SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection. | 56 |
| [SEC007] | Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. | 56 |
| [SEC001] | Hardcoded Password: Hardcoded password found in source code. | 50 |
Recommendations
- Prioritize injection findings and other Security rule violations, as they represent the highest risk.
- Configuration rule violations often indicate insecure defaults that are straightforward to remediate.
- Error handling rules help prevent information disclosure in production environments.
Data sourced from Repobility’s continuous code intelligence platform analyzing 128,000+ repositories. Updated May 16, 2026.