diff --git a/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll b/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll
index 97ae75988b3b..1caadd3f8acd 100644
--- a/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll
@@ -203,6 +203,7 @@ module TempDirSystemGetPropertyDirectlyToMkdir =
 /**
 * A `MethodCall` against a method that creates a temporary file or directory in a shared temporary directory.
 */
+overlay[local?]
 abstract class MethodCallInsecureFileCreation extends MethodCall {
 /**
 * Gets the type of entity created (e.g. `file`, `directory`, ...).
@@ -218,6 +219,7 @@ abstract class MethodCallInsecureFileCreation extends MethodCall {
 /**
 * An insecure call to `java.io.File.createTempFile`.
 */
+overlay[local?]
 class MethodCallInsecureFileCreateTempFile extends MethodCallInsecureFileCreation {
 MethodCallInsecureFileCreateTempFile() {
 this.getMethod() instanceof MethodFileCreateTempFile and
@@ -246,6 +248,7 @@ class MethodGuavaFilesCreateTempFile extends Method {
 /**
 * A call to the `com.google.common.io.Files.createTempDir` method.
 */
+overlay[local?]
 class MethodCallInsecureGuavaFilesCreateTempFile extends MethodCallInsecureFileCreation {
 MethodCallInsecureGuavaFilesCreateTempFile() {
 this.getMethod() instanceof MethodGuavaFilesCreateTempFile
diff --git a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
index fb7a40052f0b..9257808dce49 100644
--- a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
+++ b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
@@ -16,6 +16,7 @@
 import java
 import semmle.code.java.dataflow.FlowSources
 
+overlay[local?]
 abstract private class InsecureNettyObjectCreation extends ClassInstanceExpr {
 int vulnerableArgumentIndex;
 
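Review bot: Nothing next to the added `overlay[local?]` on `MethodCallInsecureFileCreation` says why the class needs it, and the two subclasses annotated in the hunks at -218 and -246 are equally silent. A maintainer who later adds another subclass of this abstract class cannot tell from the file whether it must carry the annotation as well. I would add one sentence to the QLDoc of the abstract class, along the lines of `* Subclasses declared in this file carry the same overlay annotation as this class.`, assuming that is the intended rule, which the hunk does not show. Because this library backs a security query, the change should also be accompanied by a statement that the query's expected test output is unchanged with the annotation in place. The class body continues outside the hunk.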
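Review bot: The QLDoc directly above `MethodCallInsecureGuavaFilesCreateTempFile` in the hunk at -246 names `com.google.common.io.Files.createTempDir`, while the class and the `MethodGuavaFilesCreateTempFile` it tests are named for a temp file, so a reader cannot tell from this spot which entity an alert refers to. Renaming would affect callers, so I would only make the comment explicit, e.g. `* An insecure call to Guava's Files.createTempDir; note that the class name says TempFile.` The class body continues outside the hunk.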
@@ -27,6 +28,7 @@ abstract private class InsecureNettyObjectCreation extends ClassInstanceExpr {
 abstract string splittingType();
 }
 
+overlay[local?]
 abstract private class RequestOrResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
 {
 override string splittingType() { result = "Request splitting or response splitting" }
@@ -35,6 +37,7 @@ abstract private class RequestOrResponseSplittingInsecureNettyObjectCreation ext
 /**
 * Request splitting can allowing an attacker to inject/smuggle an additional HTTP request into the socket connection.
 */
+overlay[local?]
 abstract private class RequestSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
 {
 override string splittingType() { result = "Request splitting" }
@@ -43,11 +46,13 @@ abstract private class RequestSplittingInsecureNettyObjectCreation extends Insec
 /**
 * Response splitting can lead to HTTP vulnerabilities like XSS and cache poisoning.
 */
+overlay[local?]
 abstract private class ResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
 {
 override string splittingType() { result = "Response splitting" }
 }
 
+overlay[local?]
 private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResponseSplittingInsecureNettyObjectCreation
 {
 InsecureDefaultHttpHeadersClassInstantiation() {
@@ -58,6 +63,7 @@ private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResp
 }
 }
 
+overlay[local?]
 private class InsecureDefaultHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation
 {
 InsecureDefaultHttpResponseClassInstantiation() {
@@ -66,6 +72,7 @@ private class InsecureDefaultHttpResponseClassInstantiation extends ResponseSpli
 }
 }
 
+overlay[local?]
 private class InsecureDefaultHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation
 {
 InsecureDefaultHttpRequestClassInstantiation() {
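Review bot: The QLDoc on `RequestSplittingInsecureNettyObjectCreation` in the hunk at -35 reads "can allowing an attacker", and the concrete classes annotated from the hunk at -43 onward (`InsecureDefaultHttpHeadersClassInstantiation` and the four that follow it) have no QLDoc at all. The sentence should read `* Request splitting can allow an attacker to inject/smuggle an additional HTTP request into the socket connection.` Each concrete class would also benefit from a one-line comment naming the Netty constructor it matches. Their characteristic predicates lie outside the hunks, so the exact wording cannot be proposed from here.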
@@ -74,6 +81,7 @@ private class InsecureDefaultHttpRequestClassInstantiation extends RequestSplitt
 }
 }
 
+overlay[local?]
 private class InsecureDefaultFullHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation
 {
 InsecureDefaultFullHttpResponseClassInstantiation() {
@@ -83,6 +91,7 @@ private class InsecureDefaultFullHttpResponseClassInstantiation extends Response
 }
 }
 
+overlay[local?]
 private class InsecureDefaultFullHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation
 {
 InsecureDefaultFullHttpRequestClassInstantiation() {