Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,217
CVE-linked
1,854
Programs
342
New This Week
12
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: nodejs-ecosystem
Arbitrary File Write through archive extraction
Node.js third-party modules Path Traversal (CWE-22)CVE-2018-1002203
High
2018-08-12
Arbitrary File Write Through Archive Extraction
Node.js third-party modules CVE-2018-1002204
High
2018-08-12
Command Injection Vulnerability in win-fork/win-spawn Packages
Node.js third-party modules Command Injection - Generic (CWE-77)
High
2018-08-10
url-parse package return wrong hostname
Node.js third-party modules Open Redirect (CWE-601)CVE-2018-3774
High
2018-07-30
stored xss in scrape-metadata when reading metadata from an html page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
High
2018-07-27
[markdown-pdf] Local file reading
Node.js third-party modules Path Traversal (CWE-22)CVE-2018-3770
Medium
2018-07-20
[ponse] Path traversal in ponse module allows to read any file on server
Node.js third-party modules Path Traversal (CWE-22)
High
2018-07-20
Stored XSS in Node-Red
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
High
2018-07-18
[entitlements] Command injection on the 'path' parameter
Node.js third-party modules Command Injection - Generic (CWE-77)
High
2018-07-18
[statics-server] XSS via injected iframe in file name when statics-server displays directory index in the browser
Node.js third-party modules Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2018-3771
Medium
2018-07-14
[m-server] HTML Injection in filenames displayed as directory listing in the browser allows to embed iframe with malicious JavaScript code
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2018-16484
Medium
2018-07-12
[m-server] Path Traversal allows to display content of arbitrary file(s) from the server
Node.js third-party modules Path Traversal (CWE-22)CVE-2018-16485
Medium
2018-07-12
Privilege escalation allows any user to add an administrator
Node.js third-party modules Privilege Escalation (CAPEC-233)CVE-2018-16483
Critical
2018-07-12
XSS in express-useragent through HTTP User-Agent
Node.js third-party modules Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2018-9863
Unknown
2018-07-06
[bruteser] Path Traversal allows to read content of arbitrary file
Node.js third-party modules Path Traversal (CWE-22)
Medium
2018-07-04
[buttle] HTML Injection in filename leads to XSS when directory listing is displayed in the browser
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-5422
Medium
2018-07-04
[serve] Server Directory Traversal
Node.js third-party modules Path Traversal (CWE-22)CVE-2019-5417
Critical
2018-07-02
Privilage escalation with malicious .npmrc
Node.js third-party modules Privilege Escalation (CAPEC-233)
High
2018-06-30
`memjs` allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2018-3767
Critical
2018-06-27
[buttle] Path traversal in mid-buttle module allows to read any file in the server.
Node.js third-party modules Path Traversal (CWE-22)CVE-2018-3766
Critical
2018-06-27
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895