Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.
HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-10680 | adamvr-geoip-lite security vulnerability — adamvr-geoip-lite node module (CWE-311) | 8.1 | - | 2018-05-29 |
| CVE-2016-10681 | roslib-socketio security vulnerability — roslib-socketio node module (CWE-311) | 8.1 | - | 2018-05-29 |
| CVE-2016-10682 | massif security vulnerability — massif node module (CWE-311) | 8.1 | - | 2018-05-29 |
| CVE-2016-10698 | massif security vulnerability — mystem-fix node module (CWE-311) | 8.1 | - | 2018-05-29 |
| CVE-2017-16003 | windows-build-tools security vulnerability — windows-build-tools node module (CWE-311) | 8.1 | - | 2018-05-29 |
| CVE-2017-16010 | i18next cross-site scripting vulnerability — i18next node module (CWE-79) | 6.1 | - | 2018-05-29 |
| CVE-2017-16047 | mysqljs security vulnerability — mysqljs node module (CWE-506) | 7.5 | - | 2018-05-29 |
| CVE-2017-16061 | tkinter security vulnerability — tkinter node module (CWE-506) | 7.5 | - | 2018-05-29 |
| CVE-2017-16062 | node-tkinter security vulnerability — node-tkinter node module (CWE-506) | 7.5 | - | 2018-05-29 |
| CVE-2017-16153 | gaoxuyan path traversal vulnerability — gaoxuyan node module (CWE-22) | 7.5 | - | 2018-05-29 |
| CVE-2018-3733 | crud-file-server node module path traversal vulnerability — crud-file-server node module (CWE-22) | 6.5 | - | 2018-05-29 |
| CVE-2018-3734 | stattic node module path traversal vulnerability — stattic node module (CWE-22) | 7.5 | - | 2018-05-29 |
| CVE-2018-3744 | html-pages node module path traversal vulnerability — html-pages node module (CWE-35) | 9.1 | - | 2018-05-29 |
| CVE-2018-3745 | Joyent Node.js atob security vulnerability — atob node module (CWE-125) | 7.5 | - | 2018-05-29 |
| CVE-2017-0909 | private_address_check ruby gem security vulnerability — private_address_check ruby gem (CWE-184) | 9.8 | - | 2017-11-16 |
| CVE-2017-0903 | RubyGems security vulnerability — RubyGems (CWE-502) | 9.8 | - | 2017-10-11 |
| CVE-2017-0898 | Ruby security vulnerability — Ruby (CWE-134) | 9.8 | - | 2017-09-15 |
| CVE-2017-0899 | RubyGems security vulnerability — RubyGems (CWE-150) | 9.8 | - | 2017-08-31 |
| CVE-2017-0901 | RubyGems security vulnerability — RubyGems (CWE-22) | 7.5 | - | 2017-08-31 |
| CVE-2017-0902 | RubyGems security vulnerability — RubyGems (CWE-350) | 8.1 | - | 2017-08-31 |
This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.