Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: nodejs-ecosystem
[larvitbase-www] Unintended Require
Node.js third-party modules Remote File Inclusion (CWE-98)
Medium
2019-09-03
[public] Path traversal using symlink
Node.js third-party modules Path Traversal (CWE-22)
Medium
2019-08-28
[larvitbase-api] Unintended Require
Node.js third-party modules Remote File Inclusion (CWE-98)CVE-2019-5479
Medium
2019-08-20
[http-file-server] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-5458
Medium
2019-07-24
[min-http-server] Stored XSS in the filename when directories listing
Node.js third-party modules CVE-2019-5457
Medium
2019-07-24
[domokeeper] Unintended Require
Node.js third-party modules Path Traversal (CWE-22)
Medium
2019-07-04
[takeapeek] XSS via HTML tag injection in directory lisiting page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-01
XSS in Bootbox
Node.js third-party modules Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-05-04
[harp] Path traversal using symlink
Node.js third-party modules Path Traversal (CWE-22)CVE-2019-5438
Medium
2019-04-09
[harp] File access even when they have been set to be ignored.
Node.js third-party modules Information Exposure Through Directory Listing (CWE-548)CVE-2019-5437
Medium
2019-04-06
typeorm does not properly escape parameters when building SQL queries, resulting in potential SQLi
Node.js third-party modules SQL Injection (CWE-89)
Medium
2019-04-03
Prototype pollution attack (smart-extend)
Node.js third-party modules
Medium
2019-04-03
[servey] Path Traversal allows to retrieve content of any file with extension from remote server
Node.js third-party modules Path Traversal (CWE-22)CVE-2020-8214
Medium
2019-04-03
Media parsing in canvas is at least vulnerable to Denial of Service through multiple vulnerabilities
Node.js third-party modules Classic Buffer Overflow (CWE-120)CVE-2020-8215
Medium
2019-04-03
[statics-server] Path Traversal due to lack of provided path sanitization
Node.js third-party modules Path Traversal (CWE-22)
Medium
2019-04-03
Regular Expression Denial of Service (ReDoS)
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
Medium
2019-04-03
Prototype pollution attack through jQuery $.extend
Node.js third-party modules Modification of Assumed-Immutable Data (MAID) (CWE-471)CVE-2019-11358
Medium
2019-04-02
Reflected XSS in the npm module express-cart.
Node.js third-party modules Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-02-15
Prototype pollution attack (upmerge)
Node.js third-party modules
Medium
2019-02-04
Prototype pollution attack (lutils-merge)
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
Medium
2018-12-17
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895