diff --git a/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll b/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
index 4f9e39b23f2d..0c1f14c902b6 100644
--- a/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
@@ -12,6 +12,7 @@ private class ShortStringLiteral extends StringLiteral {
 /**
  * A string literal that may refer to a broken or risky cryptographic algorithm.
  */
+overlay[local?]
 class BrokenAlgoLiteral extends ShortStringLiteral {
   BrokenAlgoLiteral() {
     this.getValue().regexpMatch(getInsecureAlgorithmRegex()) and
diff --git a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll
index 282133ec5c67..a03775990541 100644
--- a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll
@@ -33,6 +33,7 @@ private class StaticByteArrayCreation extends ArrayCreationExpr {
 }
 
 /** An expression that updates `array`. */
+overlay[local?]
 private class ArrayUpdate extends Expr {
   Expr array;
 
diff --git a/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll b/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll
index 7234b4c788f5..895e824b3dbd 100644
--- a/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll
@@ -69,6 +69,7 @@ private class FollowsBarrierPrefix extends UrlForwardBarrier {
   FollowsBarrierPrefix() { this.asExpr() = any(BarrierPrefix fp).getAnAppendedExpression() }
 }
 
+overlay[local?]
 private class BarrierPrefix extends InterestingPrefix {
   int offset;