Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: nodejs
HashDoS in V8
Node.js Cryptographic Issues - Generic (CWE-310)CVE-2026-21717
Medium
2026-03-30
Timing side-channel in HMAC verification via memcmp() in crypto_hmac.cc leads to potential MAC forgery
Node.js Cryptographic Issues - Generic (CWE-310)CVE-2026-21713
Medium
2026-03-30
Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net`
Node.js Improper Access Control - Generic (CWE-284)CVE-2026-21711
Medium
2026-03-30
Memory leak in Node.js HTTP/2 server via WINDOW_UPDATE on stream 0 leads to resource exhaustion
Node.js Missing Release of Memory after Effective Lifetime (CWE-401)CVE-2026-21714
Medium
2026-03-30
Assertion error in node_url.cc via malformed URL format leads to Node.js crash
Node.js Reachable Assertion (CWE-617)CVE-2026-21712
Medium
2026-03-26
TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2026-21637
Medium
2026-02-12
Node.js permission model bypass via unchecked Unix Domain Socket connections (UDS)
Node.js Server-Side Request Forgery (SSRF) (CWE-918)CVE-2026-21636
Medium
2026-02-12
Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers
Node.js Improper Handling of Exceptional Conditions (CWE-755)CVE-2025-59466
Medium
2026-02-12
Memory leak that enables remote Denial of Service against applications processing TLS client certificates
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2025-59464
Medium
2026-02-12
Improper HTTP header block termination in llhttp
Node.js HTTP Request Smuggling (CWE-444)CVE-2025-23167
Medium
2025-06-13
WASI sandbox escape via symlink
Node.js Privilege Escalation (CAPEC-233)
Medium
2025-05-24
GOAWAY HTTP/2 frames cause memory leak outside heap
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2025-23085
Medium
2025-02-06
Path traversal by drive name in Windows environment
Node.js Path Traversal (CWE-22)CVE-2025-23084
Medium
2025-01-27
Usage of unsafe random function in undici for choosing boundary
Node.js Use of Insufficiently Random Values (CWE-330)CVE-2025-22150
Medium
2025-01-23
Bypass network import restriction via data URL
Node.js Improper Access Control - Generic (CWE-284)CVE-2024-22020
Medium
2024-07-08
HTTP Request Smuggling via Content Length Obfuscation
Node.js HTTP Request Smuggling (CWE-444)CVE-2024-27982
Medium
2024-05-03
Denial of Service by resource exhaustion in fetch() brotli decoding
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2024-22025
Medium
2024-03-16
Improper handling of wildcards in --allow-fs-read and --allow-fs-write
Node.js Improper Access Control - Generic (CWE-284)CVE-2024-21890
Medium
2024-02-15
Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)
Node.js Use of a Broken or Risky Cryptographic Algorithm (CWE-327)CVE-2023-46809
Medium
2024-02-15
Integrity checks according to policies can be circumvented
Node.js Insufficient Verification of Data Authenticity (CWE-345)CVE-2023-38552
Medium
2023-10-13
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895