Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HackerOne — Vulnerabilities & Security Advisories 470

Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.

Top products by HackerOne: sequelize node module hapi node module RubyGems coffeescript node module sanitize-html node module serve node module i18next node module crud-file-server node module marked node module html-janitor node module private_address_check ruby gem m-server express-cart ws node module remarkable node module Nextcloud Server liyujing node module serverwzl node module npm-script-demo node module pandora-doomsday node module rtcmulticonnection-client node module dcserver node module tmock node module node-server-forfront node module welcomyzt node module pooledwebsocket node module cuciuci node module forwarded node module parsejson node module fresh node module
CVE IDTitleCVSSSeverityPublished
CVE-2017-16073 noderequest 安全漏洞 — noderequest node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16074 crossenv 安全漏洞 — crossenv node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16075 http-proxy.js 安全漏洞 — http-proxy.js node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16076 proxy.js 安全漏洞 — proxy.js node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16077 mongose 安全漏洞 — mongose node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16078 shadowsock 安全漏洞 — shadowsock node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16079 smb 安全漏洞 — smb node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16080 nodesass 安全漏洞 — nodesass node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16093 cyberjs 路径遍历漏洞 — cyber-js node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16104 citypredict.whauwiller 路径遍历漏洞 — citypredict.whauwiller node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16103 serveryztyzt 路径遍历漏洞 — serveryztyzt node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16102 serverhuwenhui 路径遍历漏洞 — serverhuwenhui node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16101 serverwg 路径遍历漏洞 — serverwg node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16100 dns-sync 安全漏洞 — dns-sync node moduleCWE-94 9.8 -2018-06-07
CVE-2017-16099 no-case模块安全漏洞 — no-case node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16098 charset 安全漏洞 — charset node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16097 tiny-http 路径遍历漏洞 — tiny-http node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16096 serveryaozeyan 路径遍历漏洞 — serveryaozeyan node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16095 serverliujiayi1 路径遍历漏洞 — serverliujiayi1 node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16094 iter-http 路径遍历漏洞 — iter-http node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16088 safe-eval模块安全漏洞 — safe-eval node moduleCWE-610 10.0 -2018-06-07
CVE-2017-16082 pg模块安全漏洞 — pg node moduleCWE-94 9.8 -2018-06-07
CVE-2017-16083 node-simple-router 路径遍历漏洞 — node-simple-router node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16084 list-n-stream 路径遍历漏洞 — list-n-stream node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16085 tinyserver 路径遍历漏洞 — tinyserver2 node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16086 ua-parser 安全漏洞 — ua-parser node moduleCWE-400 7.5 -2018-06-07
CVE-2017-16090 fsk-server 路径遍历漏洞 — fsk-server node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16092 Sencisho 路径遍历漏洞 — sencisho node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16091 xtalk 路径遍历漏洞 — xtalk node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16105 serverwzl 路径遍历漏洞 — serverwzl node moduleCWE-22 7.5 -2018-06-07

This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.