Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HackerOne — Vulnerabilities & Security Advisories 470

Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.

Top products by HackerOne: sequelize node module hapi node module RubyGems coffeescript node module sanitize-html node module serve node module i18next node module crud-file-server node module marked node module html-janitor node module private_address_check ruby gem m-server express-cart ws node module remarkable node module Nextcloud Server liyujing node module serverwzl node module npm-script-demo node module pandora-doomsday node module rtcmulticonnection-client node module dcserver node module tmock node module node-server-forfront node module welcomyzt node module pooledwebsocket node module cuciuci node module forwarded node module parsejson node module fresh node module
CVE IDTitleCVSSSeverityPublished
CVE-2016-10634 scala-standalone-bin 安全漏洞 — scalajs-standalone-bin node moduleCWE-311 8.1 -2018-06-01
CVE-2018-3743 hekto 安全漏洞 — hektoCWE-601 6.1 -2018-06-01
CVE-2018-3746 pdfinfojs NPM模块命令注入漏洞 — pdfinfojsCWE-77 9.8 -2018-06-01
CVE-2018-3755 sexstatic 跨站脚本漏洞 — sexstaticCWE-79 6.1 -2018-06-01
CVE-2014-10064 qs模块安全漏洞 — qs node moduleCWE-400 7.5 -2018-05-31
CVE-2014-10065 remarkable 跨站脚本漏洞 — remarkable node moduleCWE-94 6.1 -2018-05-31
CVE-2014-10066 fancy-server 路径遍历漏洞 — fancy-server node moduleCWE-22 7.5 -2018-05-31
CVE-2015-9236 Hapi 安全漏洞 — hapi node moduleCWE-284 7.5 -2018-05-31
CVE-2015-9238 secure-compare 安全漏洞 — secure-compare node moduleCWE-697 5.3 -2018-05-31
CVE-2015-9239 ansi2html 安全漏洞 — ansi2html node moduleCWE-400 7.5 -2018-05-31
CVE-2016-10518 ws模块安全漏洞 — ws node moduleCWE-201 9.1 -2018-05-31
CVE-2016-10519 bittorrent-dht 安全漏洞 — bittorrent-dht node moduleCWE-201 7.5 -2018-05-31
CVE-2016-10520 jadedown 安全漏洞 — jadedown node moduleCWE-400 7.5 -2018-05-31
CVE-2016-10521 jshamcrest 安全漏洞 — jshamcrest node moduleCWE-400 7.5 -2018-05-31
CVE-2016-10523 MQTT 安全漏洞 — mqtt-packet node moduleCWE-400 7.5 -2018-05-31
CVE-2016-10524 i18n-node-angular 安全漏洞 — i18n-node-angular node moduleCWE-400 6.8 -2018-05-31
CVE-2016-10526 gh-pages 安全漏洞 — grunt-gh-pages node moduleCWE-391 8.6 -2018-05-31
CVE-2016-10527 riot-compiler 安全漏洞 — riot-compiler node moduleCWE-400 7.5 -2018-05-31
CVE-2016-10528 Restafary 路径遍历漏洞 — restafary node moduleCWE-22 9.1 -2018-05-31
CVE-2016-10529 Droppy 安全漏洞 — droppy node moduleCWE-352 8.3 -2018-05-31
CVE-2016-10530 airbrake模块安全漏洞 — airbrake node moduleCWE-200 5.9 -2018-05-31
CVE-2016-10531 marked 跨站脚本漏洞 — marked node moduleCWE-79 6.1 -2018-05-31
CVE-2016-10532 console-io 安全漏洞 — console-io node module 9.8 -2018-05-31
CVE-2016-10533 express-restify-mongoose 安全漏洞 — express-restify-mongoose node moduleCWE-200 9.8 -2018-05-31
CVE-2016-10534 electron-packager 安全漏洞 — electron-packager node moduleCWE-295 5.9 -2018-05-31
CVE-2016-10535 csrf-lite 安全漏洞 — csrf-lite node moduleCWE-208 5.9 -2018-05-31
CVE-2016-10536 engine.io-client 安全漏洞 — engine.io-client node moduleCWE-300 5.9 -2018-05-31
CVE-2016-10537 backbone.js 跨站脚本漏洞 — backbone node moduleCWE-79 5.4 -2018-05-31
CVE-2016-10538 node-cli 安全漏洞 — cli node moduleCWE-22 5.7 -2018-05-31
CVE-2016-10539 negotiator 安全漏洞 — negotiator node moduleCWE-400 7.5 -2018-05-31

This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.