Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HackerOne — Vulnerabilities & Security Advisories 470

Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.

Top products by HackerOne: sequelize node module hapi node module RubyGems coffeescript node module sanitize-html node module serve node module i18next node module crud-file-server node module marked node module html-janitor node module private_address_check ruby gem m-server express-cart ws node module remarkable node module Nextcloud Server liyujing node module serverwzl node module npm-script-demo node module pandora-doomsday node module rtcmulticonnection-client node module dcserver node module tmock node module node-server-forfront node module welcomyzt node module pooledwebsocket node module cuciuci node module forwarded node module parsejson node module fresh node module
CVE IDTitleCVSSSeverityPublished
CVE-2016-10540 Minimatch 安全漏洞 — minimatch node moduleCWE-400 7.5 -2018-05-31
CVE-2016-10541 Thshell-quote 安全漏洞 — shell-quote node moduleCWE-78 8.8 -2018-05-31
CVE-2016-10542 ws 安全漏洞 — ws node moduleCWE-400 7.5 -2018-05-31
CVE-2016-10543 call 安全漏洞 — call node moduleCWE-20 5.3 -2018-05-31
CVE-2016-10544 uws 安全漏洞 — uws node moduleCWE-400 5.9 -2018-05-31
CVE-2016-10546 PouchDB 安全漏洞 — pouchdb node moduleCWE-94 9.8 -2018-05-31
CVE-2016-10547 Nunjucks 安全漏洞 — nunjucks node moduleCWE-79 6.1 -2018-05-31
CVE-2016-10548 reduce-css-calc node模块安全漏洞 — reduce-css-calc node moduleCWE-94 6.1 -2018-05-31
CVE-2016-10549 Sails 安全漏洞 — sails node moduleCWE-284 4.7 -2018-05-31
CVE-2016-10550 sequalize SQL注入漏洞 — sequelize node moduleCWE-89 9.8 -2018-05-31
CVE-2016-10552 igniteui 安全漏洞 — igniteui node moduleCWE-311 7.4 -2018-05-31
CVE-2016-10553 sequalize SQL注入漏洞 — sequelize node moduleCWE-89 9.8 -2018-05-31
CVE-2016-10554 sequelize 安全漏洞 — sequelize node moduleCWE-89 9.8 -2018-05-31
CVE-2016-10555 jwt-simple 安全漏洞 — jwt-simple node moduleCWE-20 6.5 -2018-05-31
CVE-2016-10557 appium-chromedriver 安全漏洞 — appium-chromedriver node moduleCWE-311 8.1 -2018-05-31
CVE-2016-10560 galenframework-cli 安全漏洞 — galenframework-cli node moduleCWE-311 8.1 -2018-05-31
CVE-2016-10561 Bitty 路径遍历漏洞 — bitty node moduleCWE-22 5.3 -2018-05-31
CVE-2016-10562 iedriver 安全漏洞 — iedriver node moduleCWE-311 8.1 -2018-05-31
CVE-2016-10563 go-ipfs-deps模块安全漏洞 — go-ipfs-dep node moduleCWE-311 7.4 -2018-05-31
CVE-2016-10564 apk-parser 安全漏洞 — apk-parser node moduleCWE-311 8.1 -2018-05-31
CVE-2016-10565 operadriver 安全漏洞 — operadriver node moduleCWE-311 8.1 -2018-05-31
CVE-2016-10569 embedza 安全漏洞 — embedza node moduleCWE-311 8.1 -2018-05-31
CVE-2016-10571 bkjs-wand 安全漏洞 — bkjs-wand node moduleCWE-311 8.1 -2018-05-31
CVE-2016-10572 mongodb-instance 安全漏洞 — mongodb-instance node moduleCWE-311 8.1 -2018-05-31
CVE-2014-10067 paypal-ipn 安全漏洞 — paypal-ipn node module 5.9 -2018-05-29
CVE-2014-10068 inert node模块inert directory handler 信息泄露漏洞 — inert node moduleCWE-22 7.5 -2018-05-29
CVE-2015-9235 jsonwebtoken node模块安全漏洞 — jsonwebtoken node moduleCWE-20 9.8 -2018-05-29
CVE-2015-9240 keystone node模块安全漏洞 — keystone node module 7.5 -2018-05-29
CVE-2015-9241 hapi node模块安全漏洞 — hapi node moduleCWE-400 7.5 -2018-05-29
CVE-2015-9242 ecstatic node模块安全漏洞 — ecstatic node moduleCWE-400 7.5 -2018-05-29

This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.