目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:nodejs
Dependency Policy Bypass via process.binding
Node.js Privilege Escalation (CAPEC-233)CVE-2023-32559
Medium
2023-08-23
Renaming/aliasing relative symbolic links potentially redirects them to supposedly inaccessible locations
Node.js Privilege Escalation (CAPEC-233)
Medium
2023-08-15
Policy-restricted modules can escalate to higher privileges by impersonating other modules in a policy list using module.constructor.createRequire()
Node.js Privilege Escalation (CAPEC-233)CVE-2023-32006
Medium
2023-08-11
Node 18 reads openssl.cnf from /home/iojs/build/... upon startup.
Node.js Cryptographic Issues - Generic (CWE-310)CVE-2022-32222
Medium
2023-08-11
DiffieHellman doesn't generate keys after setting a key
Node.js Inconsistency Between Implementation and Documented Design (CWE-1068)CVE-2023-30590
Medium
2023-07-20
node.js process aborts when processing x509 certs with invalid public key information
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2023-30588
Medium
2023-07-20
fs.openAsBlob() bypasses permission system
Node.js Improper Access Control - Generic (CWE-284)CVE-2023-30583
Medium
2023-07-20
fs module's file watching is not restricted by --allow-fs-read
Node.js Improper Access Control - Generic (CWE-284)CVE-2023-30582
Medium
2023-07-20
OpenSSL engines can be used to bypass and/or disable the permission model
Node.js Privilege Escalation (CAPEC-233)CVE-2023-30586
Medium
2023-06-22
HTTP Request Smuggling via Empty headers separated by CR
Node.js HTTP Request Smuggling (CWE-444)CVE-2023-30589
Medium
2023-06-20
CRLF Injection in Nodejs ‘undici’ via host
Node.js CRLF Injection (CWE-93)
Medium
2023-02-22
Multiple OpenSSL error handling issues in nodejs crypto library
Node.js Cryptographic Issues - Generic (CWE-310)CVE-2023-23919
Medium
2023-02-17
Take over subdomain undici.nodejs.org.cdn.cloudflare.net
Node.js Array Index Underflow (CWE-129)
Medium
2023-01-11
DNS rebinding in --inspect via invalid octal IP address
Node.js OS Command Injection (CWE-78)CVE-2022-43548
Medium
2022-12-07
Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
Node.js Cryptographic Issues - Generic (CWE-310)CVE-2022-32222
Medium
2022-10-26
HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
Node.js HTTP Request Smuggling (CWE-444)CVE-2022-35256
Medium
2022-10-26
CVE-2022-32213 bypass via obs-fold mechanic
Node.js HTTP Request Smuggling (CWE-444)CVE-2022-32213
Medium
2022-10-26
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215)
Node.js HTTP Request Smuggling (CWE-444)CVE-2022-32215
Medium
2022-10-26
Off-by-slash vulnerability in nodejs.org and iojs.org
Node.js Path Traversal (CWE-22)
Medium
2022-08-24
HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
Node.js HTTP Request Smuggling (CWE-444)CVE-2022-32213
Medium
2022-07-07
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895