漏洞赏金情报

数据来源：HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告，按严重程度、漏洞类型或目标项目筛选，关联 CVE 编号。

已披露报告

12,219

关联 CVE

1,854

参与项目数

342

近 7 天新增

10

严重度: All Critical High Medium Low

类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

项目筛选：mariadb✕

Grafana LFI on https://grafana.mariadb.org

MariaDB Remote File Inclusion (CWE-98)

Medium

2022-01-06

Path Traversal CVE-2021-26086 CVE-2021-26085

MariaDB Path Traversal (CWE-22)CVE-2021-26085 CVE-2021-26086

Medium

2021-11-05

Medium

2021-05-27

Named pipe connection inteception

MariaDB Business Logic Errors (CWE-840)

High

2020-12-17

Path traversal in command line client

MariaDB Path Traversal (CWE-22)

Medium

2020-05-28

scripts loader (denial of service) vulnerability

MariaDB Uncontrolled Resource Consumption (CWE-400)CVE-2018-6389

Low

2020-03-19

Ubuntu/Debian installation method allows key poisoning and code execution for network attacker

MariaDB Cryptographic Issues - Generic (CWE-310)

Medium

2020-01-21

Exposed debug.log file leads to information disclosure

MariaDB Information Disclosure (CWE-200)

Medium

2020-01-15

smtp service vulnerable to POODLE SSLv3

MariaDB Cryptographic Issues - Generic (CWE-310)CVE-2014-3566

Low

2019-05-11

CRLF injection at https://mariadb.org/.

MariaDB CRLF Injection (CWE-93)

Medium

2019-02-21

[downloads.mariadb.org] CRLF injection in case of encoded query mark

MariaDB CRLF Injection (CWE-93)

Medium

2019-02-14

CRLF injection on https://buildbot.mariadb.org

MariaDB CRLF Injection (CWE-93)

Medium

2019-02-04

Github wiki is editable by anyone

MariaDB Improper Access Control - Generic (CWE-284)

Medium

2018-12-10

Incorrect Permission Assignment for Critical Resource

MariaDB Privilege Escalation (CAPEC-233)

Medium

2018-11-14

Vulnerability Report - Missing Certificate Authority Authorization rule

MariaDB Cryptographic Issues - Generic (CWE-310)

Low

2018-11-11

SSRF on jira.mariadb.org

MariaDB Server-Side Request Forgery (SSRF) (CWE-918)

Medium

2018-10-13

xmlrpc.php on mariadb.org can lead to DDOS and brute force attacks

MariaDB Uncontrolled Resource Consumption (CWE-400)

Low

2018-10-12

vulnerable to Cross-site Request Forgery | Jira

MariaDB Cross-Site Request Forgery (CSRF) (CWE-352)

Low

2018-10-12

高频漏洞类型

最活跃项目

项目	报告数	最高赏金
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	439	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	$9,895