I remember reading about something like this, and GitHub's response was that the guy should stop, according to their ToS. Their ToS blocks stuff like this to prevent spamming.
I thought about doing the exact same thing. But I wonder about the limiting of the issue creation API on GitHub and false positives. [The variable has been sanitized prior to being executed]
I don't like issue bots, but it could actually be a huge value-add for GitHub to integrate these kinds of checks (as well as hardcoded credentials, etc.) for their users.
After looking at the search results, I can see that most of the results have legit reasons.
Instead of half-assing the problem, please dedicate 10 minutes of your life to look in, analyze & report one or two of the problems you find.
Also explain why you think this is a security issue.
You will:
* help someone out by pointing out an issue
* hopefully educate the person how to write better code
* educate yourself in reading and understanding others' spaghetti code
Someone should write a script that automatically raises an issue for each line and each project. It's probably possible, but I'm chronically lazy.