Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HackerOne — Vulnerabilities & Security Advisories 470

Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.

Top products by HackerOne: sequelize node module hapi node module RubyGems coffeescript node module sanitize-html node module serve node module i18next node module crud-file-server node module marked node module html-janitor node module private_address_check ruby gem m-server express-cart ws node module remarkable node module Nextcloud Server liyujing node module serverwzl node module npm-script-demo node module pandora-doomsday node module rtcmulticonnection-client node module dcserver node module tmock node module node-server-forfront node module welcomyzt node module pooledwebsocket node module cuciuci node module forwarded node module parsejson node module fresh node module
CVE IDTitleCVSSSeverityPublished
CVE-2017-16154 earlybird 路径遍历漏洞 — earlybird node moduleCWE-22 7.5 -2018-06-07
CVE-2018-3713 angular-http-server 路径遍历漏洞 — angular-http-server node moduleCWE-22 6.5 -2018-06-07
CVE-2017-16205 coffescript模块安全漏洞 — coffeescript node moduleCWE-506 7.5 -2018-06-07
CVE-2017-16207 discordi.js 安全漏洞 — discordi.js node moduleCWE-506 7.3 -2018-06-07
CVE-2017-16208 dmmcquay.lab6 路径遍历漏洞 — dmmcquay.lab6 node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16209 enserver 路径遍历漏洞 — enserver node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16210 jn_jj_server 路径遍历漏洞 — jn_jj_server node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16211 lessindex 路径遍历漏洞 — lessindex node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16212 ltt 路径遍历漏洞 — ltt node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16213 mfrserver 路径遍历漏洞 — mfrserver node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16214 peiserver 路径遍历漏洞 — peiserver node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16215 sgqserve 路径遍历漏洞 — sgqserve node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16216 tencent-server 路径遍历漏洞 — tencent-server node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16217 fbr-client 路径遍历漏洞 — fbr-client node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16218 dgard8.lab6 路径遍历漏洞 — dgard8.lab6 node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16219 yttivy 路径遍历漏洞 — yttivy node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16220 wind-mvc 路径遍历漏洞 — wind-mvc node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16221 yzt 路径遍历漏洞 — yzt node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16222 elding 路径遍历漏洞 — elding node moduleCWE-22 5.3 -2018-06-07
CVE-2017-16223 nodeaaaaa 路径遍历漏洞 — nodeaaaaa node moduleCWE-22 7.5 -2018-06-07
CVE-2017-16224 st 输入验证错误漏洞 — st node moduleCWE-601 6.1 -2018-06-07
CVE-2017-16225 aegir 信息泄露漏洞 — aegir node moduleCWE-200 7.5 -2018-06-07
CVE-2017-16226 The static-eval 输入验证错误漏洞 — static-eval node module node moduleCWE-20 9.8 -2018-06-07
CVE-2018-3711 Fastify 安全漏洞 — fastify node moduleCWE-770 7.5 -2018-06-07
CVE-2018-3712 serve 路径遍历漏洞 — serve node moduleCWE-22 6.5 -2018-06-07
CVE-2018-3727 626 node module 路径遍历漏洞 — 626 node moduleCWE-22 7.5 -2018-06-07
CVE-2018-3730 mcstatic node module 路径遍历漏洞 — mcstatic node moduleCWE-22 7.5 -2018-06-07
CVE-2018-3729 mcstatic node module 路径遍历漏洞 — localhost-now node moduleCWE-22 6.5 -2018-06-07
CVE-2018-3731 public node模块路径遍历漏洞 — public node moduleCWE-22 7.5 -2018-06-07
CVE-2018-3726 crud-file-server node module 跨站脚本漏洞 — crud-file-server node moduleCWE-79 5.4 -2018-06-07

This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.