目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:security
Subdomain takeover #4 at info.hacker.one
HackerOne Privilege Escalation (CAPEC-233)
Low
2017-06-21
Information leakage via CSV when content is valid JavaScript
HackerOne Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-05-23
Race condition leads to duplicate payouts
HackerOne Improper Access Control - Generic (CWE-284)
Low
2017-05-23
A HackerOne employee's GitHub personal access token exposed in Travis CI build logs
HackerOne Information Exposure Through an Error Message (CWE-209)
Medium
2017-05-23
www.hackerone.com website CSP "script-src" includes "unsafe-inline"
HackerOne Violation of Secure Design Principles (CWE-657)
None
2017-05-23
Report invitation links not restricted to any existing user
HackerOne Information Disclosure (CWE-200)
Low
2017-05-23
Changing Victim's JIRA Integration Settings Through Multiple Bugs
HackerOne Business Logic Errors (CWE-840)
Medium
2017-05-23
WannaCrypt “Killswitch”
HackerOne
Unknown
2017-05-13
CRLF injection in info.hacker.one
HackerOne CRLF Injection (CWE-93)
Unknown
2017-05-03
Subdomain takeover #2 at info.hacker.one
HackerOne Privilege Escalation (CAPEC-233)
Low
2017-04-28
Able to create basic user account via Google login on HackerOne Drupal CMS
HackerOne Improper Authentication - Generic (CWE-287)
Unknown
2017-04-25
HackerOne is still prone to Internet Explorer UXSS
HackerOne Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-04-19
javascript: and mailto: links are allowed in JIRA integration settings
HackerOne Violation of Secure Design Principles (CWE-657)
Low
2017-04-10
Example HackerOne security@ forward domain is not registered
HackerOne Violation of Secure Design Principles (CWE-657)
Unknown
2017-04-10
Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers
HackerOne Information Disclosure (CWE-200)
Medium
2017-04-05
IE 11 Self-XSS on Jira Integration Preview Base Link
HackerOne Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-03-29
Subdomain takeover at info.hacker.one
HackerOne Privilege Escalation (CAPEC-233)
Low
2017-03-27
Limited Open redirection using SSO-SAML
HackerOne Open Redirect (CWE-601)
Low
2017-03-26
Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com
HackerOne Violation of Secure Design Principles (CWE-657)
Low
2017-03-26
Websites opened from reports can change url of report page
HackerOne Open Redirect (CWE-601)
Medium
2017-02-25
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895