Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HackerOne — Vulnerabilities & Security Advisories 470

Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.

Top products by HackerOne: sequelize node module hapi node module RubyGems coffeescript node module sanitize-html node module serve node module i18next node module crud-file-server node module marked node module html-janitor node module private_address_check ruby gem m-server express-cart ws node module remarkable node module Nextcloud Server liyujing node module serverwzl node module npm-script-demo node module pandora-doomsday node module rtcmulticonnection-client node module dcserver node module tmock node module node-server-forfront node module welcomyzt node module pooledwebsocket node module cuciuci node module forwarded node module parsejson node module fresh node module
CVE IDTitleCVSSSeverityPublished
CVE-2017-16120 liyujing 路径遍历漏洞 — liyujing node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16119 Fresh 安全漏洞 — fresh node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16118 forwarded模块安全漏洞 — forwarded node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16117 slug 安全漏洞 — slug node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16116 string模块安全漏洞 — string node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16115 timespan模块安全漏洞 — timespan node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16114 marked模块安全漏洞 — marked node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16113 parsejson模块安全漏洞 — parsejson node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16111 content模块安全漏洞 — content node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16110 weather.swlyons 路径遍历漏洞 — weather.swlyons node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16109 easyquick 路径遍历漏洞 — easyquick node moduleCWE-22 5.3 -2018-06-07
CVE-2017-16108 gaoxiaotingtingting 路径遍历漏洞 — gaoxiaotingtingting node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16107 pooledwebsocket 路径遍历漏洞 — pooledwebsocket node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16106 tmock 路径遍历漏洞 — tmock node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16069 nodeffmpeg 安全漏洞 — nodeffmpeg node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16080 nodesass 安全漏洞 — nodesass node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16079 smb 安全漏洞 — smb node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16078 shadowsock 安全漏洞 — shadowsock node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16077 mongose 安全漏洞 — mongose node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16076 proxy.js 安全漏洞 — proxy.js node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16075 http-proxy.js 安全漏洞 — http-proxy.js node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16074 crossenv 安全漏洞 — crossenv node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16073 noderequest 安全漏洞 — noderequest node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16072 nodemailer.js 安全漏洞 — nodemailer.js node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16071 nodemailer.js 安全漏洞 — nodemailer-js node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16070 nodecaffe 安全漏洞 — nodecaffe node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16058 gruntcli 安全漏洞 — gruntcli node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16060 babelcli 安全漏洞 — babelcli node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16059 mssql-node 安全漏洞 — mssql-node node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16063 node-opensl 安全漏洞 — node-opensl node moduleCWE-506 7.5 -2018-06-07

This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.