目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:nodejs-ecosystem
[bl] Uninitialized memory exposure via negative .consume()
Node.js third-party modules Buffer Over-read (CWE-126)CVE-2020-8244
High
2020-08-27
[min-http-server] List any file in the folder by using path traversal.
Node.js third-party modules Path Traversal (CWE-22)
High
2020-08-26
[json-bigint] DoS via `__proto__` assignment
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2020-8237
High
2020-08-25
Prototype Pollution lodash 4.17.15
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
High
2020-08-21
[object-path-set] Prototype pollution
Node.js third-party modules Modification of Assumed-Immutable Data (MAID) (CWE-471)
High
2020-08-20
[wappalyzer] ReDoS allows an attacker to completely break Wappalyzer
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
High
2020-08-06
[is-my-json-valid] ReDoS via 'style' format
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
High
2020-07-31
bunyan - RCE via insecure command formatting
Node.js third-party modules Code Injection (CWE-94)
High
2020-06-27
[sapper] Path Traversal
Node.js third-party modules Path Traversal (CWE-22)
High
2020-06-18
[wappalyzer] ReDoS allows an attacker to completely break Wappalyzer
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
High
2020-06-18
[logkitty] RCE via insecure command formatting
Node.js third-party modules Code Injection (CWE-94)CVE-2020-8149
High
2020-05-09
Prototype pollution attack (lodash)
Node.js third-party modules Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2020-8203
High
2020-04-27
[blamer] RCE via insecure command formatting
Node.js third-party modules Code Injection (CWE-94)CVE-2020-8137
High
2020-03-10
Server Side Request Forgery in Uppy npm module
Node.js third-party modules Server-Side Request Forgery (SSRF) (CWE-918)CVE-2020-8135
High
2020-03-02
[jsreport] Remote Code Execution
Node.js third-party modules Remote File Inclusion (CWE-98)CVE-2020-8128
High
2020-02-07
[increments] sql injection
Node.js third-party modules SQL Injection (CWE-89)
High
2020-02-02
[@azhou/basemodel] SQL injection
Node.js third-party modules SQL Injection (CWE-89)
High
2020-02-02
[deliver-or-else] Path Traversal
Node.js third-party modules Path Traversal (CWE-22)
High
2020-01-29
[md-fileserver] Path Traversal
Node.js third-party modules Path Traversal (CWE-22)
High
2020-01-29
[file-browser] Inadequate Output Encoding and Escaping
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
High
2020-01-29
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895