diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7100087f8..36cdc2674 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,9 +1,9 @@
 name: "CodeQL"
 on:
   push:
-    branches: [ "master" ]
+    branches: [ "master", "master-copy" ]
   pull_request:
-    branches: [ "master" ]
+    branches: [ "master", "master-copy" ]
   schedule:
     - cron: '0 22 * * SUN'
 
diff --git a/packages/ckeditor5-dev-build-tools/bin/invalid-bin-in-ts.ts b/packages/ckeditor5-dev-build-tools/bin/invalid-bin-in-ts.ts
new file mode 100644
index 000000000..9d5aa2675
--- /dev/null
+++ b/packages/ckeditor5-dev-build-tools/bin/invalid-bin-in-ts.ts
@@ -0,0 +1 @@
+const vulnerableRegex = /^_(__|.)+_$/;
diff --git a/packages/ckeditor5-dev-build-tools/src/invalid-src-in-ts.js b/packages/ckeditor5-dev-build-tools/src/invalid-src-in-ts.js
new file mode 100644
index 000000000..9d5aa2675
--- /dev/null
+++ b/packages/ckeditor5-dev-build-tools/src/invalid-src-in-ts.js
@@ -0,0 +1 @@
+const vulnerableRegex = /^_(__|.)+_$/;
diff --git a/packages/ckeditor5-dev-build-tools/src/plugins/invalid-src-nested-in-ts.ts b/packages/ckeditor5-dev-build-tools/src/plugins/invalid-src-nested-in-ts.ts
new file mode 100644
index 000000000..9d5aa2675
--- /dev/null
+++ b/packages/ckeditor5-dev-build-tools/src/plugins/invalid-src-nested-in-ts.ts
@@ -0,0 +1 @@
+const vulnerableRegex = /^_(__|.)+_$/;
diff --git a/packages/ckeditor5-dev-build-tools/tests/invalid-tests-in-ts.js b/packages/ckeditor5-dev-build-tools/tests/invalid-tests-in-ts.js
new file mode 100644
index 000000000..9d5aa2675
--- /dev/null
+++ b/packages/ckeditor5-dev-build-tools/tests/invalid-tests-in-ts.js
@@ -0,0 +1 @@
+const vulnerableRegex = /^_(__|.)+_$/;
diff --git a/packages/ckeditor5-dev-release-tools/bin/invalid-bin-in-js.js b/packages/ckeditor5-dev-release-tools/bin/invalid-bin-in-js.js
new file mode 100644
index 000000000..9d5aa2675
--- /dev/null
+++ b/packages/ckeditor5-dev-release-tools/bin/invalid-bin-in-js.js
@@ -0,0 +1 @@
+const vulnerableRegex = /^_(__|.)+_$/;
diff --git a/packages/ckeditor5-dev-release-tools/lib/invalid-tests-in-js.js b/packages/ckeditor5-dev-release-tools/lib/invalid-tests-in-js.js
new file mode 100644
index 000000000..9d5aa2675
--- /dev/null
+++ b/packages/ckeditor5-dev-release-tools/lib/invalid-tests-in-js.js
@@ -0,0 +1 @@
+const vulnerableRegex = /^_(__|.)+_$/;
diff --git a/packages/ckeditor5-dev-release-tools/tests/invalid-tests-in-js.js b/packages/ckeditor5-dev-release-tools/tests/invalid-tests-in-js.js
new file mode 100644
index 000000000..9d5aa2675
--- /dev/null
+++ b/packages/ckeditor5-dev-release-tools/tests/invalid-tests-in-js.js
@@ -0,0 +1 @@
+const vulnerableRegex = /^_(__|.)+_$/;
diff --git a/scripts/invalid-scripts.js b/scripts/invalid-scripts.js
new file mode 100644
index 000000000..9d5aa2675
--- /dev/null
+++ b/scripts/invalid-scripts.js
@@ -0,0 +1 @@
+const vulnerableRegex = /^_(__|.)+_$/;