Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HackerOne — Vulnerabilities & Security Advisories 470

Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.

Top products by HackerOne: sequelize node module hapi node module RubyGems coffeescript node module sanitize-html node module serve node module i18next node module crud-file-server node module marked node module html-janitor node module private_address_check ruby gem m-server express-cart ws node module remarkable node module Nextcloud Server liyujing node module serverwzl node module npm-script-demo node module pandora-doomsday node module rtcmulticonnection-client node module dcserver node module tmock node module node-server-forfront node module welcomyzt node module pooledwebsocket node module cuciuci node module forwarded node module parsejson node module fresh node module
CVE IDTitleCVSSSeverityPublished
CVE-2017-16108 gaoxiaotingtingting 路径遍历漏洞 — gaoxiaotingtingting node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16109 easyquick 路径遍历漏洞 — easyquick node moduleCWE-22 5.3 -2018-06-07
CVE-2017-16110 weather.swlyons 路径遍历漏洞 — weather.swlyons node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16111 content模块安全漏洞 — content node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16113 parsejson模块安全漏洞 — parsejson node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16114 marked模块安全漏洞 — marked node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16115 timespan模块安全漏洞 — timespan node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16116 string模块安全漏洞 — string node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16117 slug 安全漏洞 — slug node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16118 forwarded模块安全漏洞 — forwarded node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16119 Fresh 安全漏洞 — fresh node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16120 liyujing 路径遍历漏洞 — liyujing node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16121 datachannel-client 路径遍历漏洞 — datachannel-client node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16122 cuciuci 路径遍历漏洞 — cuciuci node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16123 welcomyzt 路径遍历漏洞 — welcomyzt node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16124 node-server-forfront 路径遍历漏洞 — node-server-forfront node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16125 rtcmulticonnection-client 路径遍历漏洞 — rtcmulticonnection-client node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16127 pandora-doomsday 安全漏洞 — pandora-doomsday node moduleCWE-509 9.1 -2018-06-07
CVE-2017-16128 npm-script-demo 安全漏洞 — npm-script-demo node moduleCWE-506 9.8 -2018-06-07
CVE-2017-16129 superagent 安全漏洞 — superagent node moduleCWE-409 5.9 -2018-06-07
CVE-2017-16154 earlybird 路径遍历漏洞 — earlybird node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16142 infraserver 路径遍历漏洞 — infraserver node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16138 mime模块安全漏洞 — mime node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16139 jikes 路径遍历漏洞 — jikes node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16149 zwserver 路径遍历漏洞 — zwserver node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16140 lab6.brit95 路径遍历漏洞 — lab6.brit95 node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16141 lab6drewfusbyu 路径遍历漏洞 — lab6drewfusbyu node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16145 sspa 路径遍历漏洞 — sspa node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16147 shit-server 路径遍历漏洞 — shit-server node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16146 mockserve 路径遍历漏洞 — mockserve node moduleCWE-22 7.5 -2018-06-07

This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.