目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:ibb
CVE-2023-28322: more POST-after-PUT confusion
Internet Bug Bounty CVE-2023-28322
Low
2023-06-25
CVE-2023-28319: UAF in SSH sha256 fingerprint check
Internet Bug Bounty Use After Free (CWE-416)CVE-2023-28319
Medium
2023-06-25
CVE-2023-28320 - siglongjmp race condition
Internet Bug Bounty Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)CVE-2023-28320
Low
2023-05-26
Authenticated but unauthorized users may enumerate Application names via the API
Internet Bug Bounty Information Exposure Through an Error Message (CWE-209)CVE-2022-41354
Medium
2023-05-25
Privilege Esacalation at Apache Airflow 2.5.1
Internet Bug Bounty CVE-2023-25754
Medium
2023-05-18
Possible DoS Vulnerability in Multipart MIME parsing in rack
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)
Low
2023-04-27
CVE-2023-28755: ReDoS vulnerability in URI
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2023-28755
Medium
2023-04-26
ReDoS( Ruby, Time)
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2023-28756
High
2023-04-26
CVE-2023-27538: SSH connection too eager reuse still
Internet Bug Bounty Business Logic Errors (CWE-840)CVE-2023-27538
Low
2023-04-19
JWT audience claim is not verified
Internet Bug Bounty Missing Critical Step in Authentication (CWE-304)CVE-2023-22482
Critical
2023-04-16
Apache Airflow Google Cloud Sql Provider Remote Command Execution
Internet Bug Bounty Improper Input Validation (CWE-20)
Medium
2023-04-16
CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution
Internet Bug Bounty Improper Input Validation (CWE-20)CVE-2023-25692
Low
2023-04-16
Security Unfavorable Specifications and Implementations in the CGI::Cookie Class
Internet Bug Bounty CVE-2021-33621
Low
2023-04-09
Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information
Internet Bug Bounty CVE-2021-33621
High
2023-04-09
Use of Cryptographically Weak Pseudo-Random Number Generator in WebCrypto keygen
Internet Bug Bounty CVE-2022-35255
High
2023-04-09
Inadequate Encryption Strength in nodejs-current reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
Internet Bug Bounty Cryptographic Issues - Generic (CWE-310)CVE-2022-32222
Medium
2023-04-09
HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
Internet Bug Bounty HTTP Request Smuggling (CWE-444)CVE-2022-35256
Medium
2023-04-09
CRLF Injection in Nodejs ‘undici’ via host
Internet Bug Bounty CRLF Injection (CWE-93)CVE-2023-23936
Medium
2023-03-29
CVE-2023-23919: Multiple OpenSSL error handling issues in nodejs crypto library
Internet Bug Bounty Cryptographic Issues - Generic (CWE-310)CVE-2023-23919
Medium
2023-03-29
Open Redirect Vulnerability in Action Pack
Internet Bug Bounty Open Redirect (CWE-601)CVE-2023-22797
Medium
2023-03-26
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895