目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,262
关联 CVE
1,866
参与项目数
343
近 7 天新增
0
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:nodejs-ecosystem
[git-promise] RCE via insecure command formatting
Node.js third-party modules Code Injection (CWE-94)
Medium
2020-04-25
[utils-extend] Prototype pollution
Node.js third-party modules Modification of Assumed-Immutable Data (MAID) (CWE-471)CVE-2020-8147
Critical
2020-04-02
[htmr] DOM-based XSS
Node.js third-party modules Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2020-03-15
[blamer] RCE via insecure command formatting
Node.js third-party modules Code Injection (CWE-94)CVE-2020-8137
High
2020-03-10
Server-Side Request Forgery (SSRF) in Ghost CMS
Node.js third-party modules Server-Side Request Forgery (SSRF) (CWE-918)CVE-2020-8134
Medium
2020-03-09
Server Side Request Forgery in Uppy npm module
Node.js third-party modules Server-Side Request Forgery (SSRF) (CWE-918)CVE-2020-8135
High
2020-03-02
Prototype pollution in multipart parsing
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2020-8136
Critical
2020-02-28
[yarn] yarn.lock integrity & hash check logic is broken
Node.js third-party modules Business Logic Errors (CWE-840)CVE-2019-15608
Critical
2020-02-26
Several simple remote code execution in pdf-image
Node.js third-party modules Code Injection (CWE-94)CVE-2020-8132
Critical
2020-02-24
[reveal.js] XSS by calling arbitrary method via postMessage
Node.js third-party modules Cross-site Scripting (XSS) - DOM (CWE-79)CVE-2020-8127
Medium
2020-02-18
Filesystem Writes via `yarn install` via symlinks and tar transforms inside a crafted malicious package
Node.js third-party modules Path Traversal (CWE-22)CVE-2020-8131
Medium
2020-02-15
[jsreport] Remote Code Execution
Node.js third-party modules Remote File Inclusion (CWE-98)CVE-2020-8128
High
2020-02-07
[script-manager] Unintended require
Node.js third-party modules Code Injection (CWE-94)CVE-2020-8129
Low
2020-02-07
[increments] sql injection
Node.js third-party modules SQL Injection (CWE-89)
High
2020-02-02
[listening-processes] Command Injection
Node.js third-party modules OS Command Injection (CWE-78)
Critical
2020-02-02
[@azhou/basemodel] SQL injection
Node.js third-party modules SQL Injection (CWE-89)
High
2020-02-02
Command Injection vulnerability in kill-port-process package
Node.js third-party modules Command Injection - Generic (CWE-77)CVE-2019-15609
Medium
2020-01-30
[deliver-or-else] Path Traversal
Node.js third-party modules Path Traversal (CWE-22)
High
2020-01-29
[md-fileserver] Path Traversal
Node.js third-party modules Path Traversal (CWE-22)
High
2020-01-29
[file-browser] Inadequate Output Encoding and Escaping
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
High
2020-01-29
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239