diff --git a/ql/src/semmle/go/frameworks/stdlib/NetHttp.qll b/ql/src/semmle/go/frameworks/stdlib/NetHttp.qll
index ed7cab2babd..b67ebbb3c28 100644
--- a/ql/src/semmle/go/frameworks/stdlib/NetHttp.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -252,6 +252,14 @@ module NetHttp {
 hasQualifiedName("net/http", "MaxBytesReader") and
 (inp.isParameter(1) and outp.isResult())
 or
+ // signature: func NewRequest(method, url string, body io.Reader) (*Request, error)
+ hasQualifiedName("net/http", "NewRequest") and
+ (inp.isParameter(1) and outp.isResult(0))
+ or
+ // signature: func NewRequestWithContext(ctx context.Context, method, url string, body io.Reader) (*Request, error)
+ hasQualifiedName("net/http", "NewRequestWithContext") and
+ (inp.isParameter(2) and outp.isResult(0))
+ or
 // signature: func ReadRequest(b *bufio.Reader) (*Request, error)
 hasQualifiedName("net/http", "ReadRequest") and
 (inp.isParameter(0) and outp.isResult(0))
diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetHttp.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetHttp.go
index f6e8ed06df9..ebf7fce029d 100644
--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetHttp.go
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetHttp.go
@@ -27,6 +27,16 @@ func TaintStepTest_NetHttpMaxBytesReader_B0I0O0(sourceCQL interface{}) interface
 return intoReadCloser957
 }
 
+func TaintStepTest_NetHttpNewRequest(taintedString string) interface{} {
+ result, _ := http.NewRequest("GET", taintedString, nil)
+ return result
+}
+
+func TaintStepTest_NetHttpNewRequestWithContext(taintedString string) interface{} {
+ result, _ := http.NewRequestWithContext(nil, "GET", taintedString, nil)
+ return result
+}
+
 func TaintStepTest_NetHttpReadRequest_B0I0O0(sourceCQL interface{}) interface{} {
 fromReader520 := sourceCQL.(*bufio.Reader)
 intoRequest443, _ := http.ReadRequest(fromReader520)
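Review bot: In NetHttp.qll both new entries propagate taint only from the `url` argument (`inp.isParameter(1)` for NewRequest, `inp.isParameter(2)` for NewRequestWithContext) to the returned `*Request`; the `body io.Reader` argument named in the signature comments is not modelled, so a tainted body is not tracked into the request. If that is deliberate, record it next to the entries, e.g. `// only the url argument is modelled; body is intentionally not propagated`. If it is an omission, the input conditions would need `or inp.isParameter(2)` and `or inp.isParameter(3)` respectively, with matching test cases. The enclosing predicate starts and ends outside the hunk, so this is judged from the visible disjuncts only.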
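Review bot: In NetHttp.go, `TaintStepTest_NetHttpNewRequestWithContext` passes `nil` as the context, which net/http rejects at run time by returning a nil request and an error that the `_` then discards. The taint-flow test is analysed rather than executed, so the expected result is probably unaffected, but the fixture should still show valid usage and not trip nil-context linters: `result, _ := http.NewRequestWithContext(context.Background(), "GET", taintedString, nil)`. That requires `context` in the file's import block, which lies outside this hunk.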
@@ -181,6 +191,16 @@ func RunAllTaints_NetHttp() {
 out := TaintStepTest_NetHttpMaxBytesReader_B0I0O0(source)
 sink(2, out)
 }
+ {
+ source := newSource(24)
+ out := TaintStepTest_NetHttpNewRequest(source.(string))
+ sink(24, out)
+ }
+ {
+ source := newSource(25)
+ out := TaintStepTest_NetHttpNewRequestWithContext(source.(string))
+ sink(25, out)
+ }
 {
 source := newSource(3)
 out := TaintStepTest_NetHttpReadRequest_B0I0O0(source)
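Review bot: The new blocks use ids 24 and 25 but sit between the blocks for 2 and 3, and the hunk cannot show whether those ids are already used further down in RunAllTaints_NetHttp, whose body continues outside it. If the expected results are keyed by these numbers, a reused id would let a missing flow for the new model go unnoticed, so confirm they are unique and consider appending the blocks in numeric order. A short comment such as `// hand-written: url argument -> *Request` above each block would also explain why these two differ from the neighbouring helpers. Those take `interface{}` and convert inside the helper, whereas here `source.(string)` is asserted at the call site.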