目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:rails
ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection
Ruby on Rails Path Traversal (CWE-22)
Medium
2026-05-07
1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2025-04-09
Action Text XSS (Rails 7.1.x)
Ruby on Rails Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2025-02-04
Sauce Labs API key unencrypted in an old commit
Ruby on Rails Use of Hard-coded Cryptographic Key (CWE-321)
Medium
2024-10-08
XSS vulnerabilities due to missing checks in tag helpers
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2022-27777
Medium
2023-07-28
Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability.
Ruby on Rails Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2023-28362
Medium
2023-07-28
ActionView sanitize helper bypass leading to XSS using SVG tag.
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2022-23515CVE-2022-23518
Medium
2023-07-10
Escape Sequence Injection vulnerability in Rack
Ruby on Rails CVE-2022-30123
Medium
2023-06-28
Possible DOS in app with crashing `exceptions_app`
Ruby on Rails Uncontrolled Resource Consumption (CWE-400)
Medium
2023-06-28
Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2022-23519
Medium
2022-12-14
Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2022-23520
Medium
2022-12-14
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2022-32209
Medium
2022-06-14
XSS by MathML at Active Storage
Ruby on Rails Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2018-16477
Medium
2021-06-15
Regular expression denial of service in ActiveRecord's PostgreSQL Money type
Ruby on Rails Uncontrolled Resource Consumption (CWE-400)CVE-2021-22880
Medium
2021-02-11
XSS by file (Active Storage `Proxying`)
Ruby on Rails Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-09-01
The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes
Ruby on Rails Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2020-8166
Medium
2020-08-27
Untrusted users able to run pending migrations in production
Ruby on Rails Uncontrolled Resource Consumption (CWE-400)CVE-2020-8185
Medium
2020-07-24
ActiveStorage direct upload fails to sign content-length header for S3 service
Ruby on Rails Client-Side Enforcement of Server-Side Security (CWE-602)CVE-2020-8162
Medium
2020-05-18
ActionController::Parameters .each returns an unsafe hash
Ruby on Rails CVE-2020-8164
Medium
2020-05-18
Missing resource identifier encoding may lead to security vulnerabilities
Ruby on Rails Information Disclosure (CWE-200)CVE-2020-8151
Medium
2020-05-13
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895