Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HackerOne — Vulnerabilities & Security Advisories 470

Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.

Top products by HackerOne: sequelize node module hapi node module RubyGems coffeescript node module sanitize-html node module serve node module i18next node module crud-file-server node module marked node module html-janitor node module private_address_check ruby gem m-server express-cart ws node module remarkable node module Nextcloud Server liyujing node module serverwzl node module npm-script-demo node module pandora-doomsday node module rtcmulticonnection-client node module dcserver node module tmock node module node-server-forfront node module welcomyzt node module pooledwebsocket node module cuciuci node module forwarded node module parsejson node module fresh node module
CVE IDTitleCVSSSeverityPublished
CVE-2018-3735 bracket-template 跨站脚本漏洞 — bracket-template node moduleCWE-79 6.1 -2018-06-07
CVE-2018-3737 sshpk 安全漏洞 — sshpk node moduleCWE-770 7.5 -2018-06-07
CVE-2018-3738 protobufjs 安全漏洞 — protobufjs node moduleCWE-770 5.5 -2018-06-07
CVE-2018-3739 https-proxy-agent 安全漏洞 — https-proxy-agent node moduleCWE-400 7.5 -2018-06-07
CVE-2016-10695 npm-test-sqlite3-trunk 安全漏洞 — npm-test-sqlite3-trunk node moduleCWE-311 8.1 -2018-06-04
CVE-2016-10696 windows-latestchromedriver 安全漏洞 — windows-latestchromedriver node moduleCWE-311 8.1 -2018-06-04
CVE-2016-10697 react-native-baidu-voice-synthesizer 安全漏洞 — react-native-baidu-voice-synthesizer node moduleCWE-311 8.1 -2018-06-04
CVE-2017-0928 html-janitor 安全漏洞 — html-janitor node moduleCWE-642 5.4 -2018-06-04
CVE-2017-0930 augustine 路径遍历漏洞 — augustine node moduleCWE-22 6.5 -2018-06-04
CVE-2017-0931 html-janitor 跨站脚本漏洞 — html-janitor node moduleCWE-79 6.1 -2018-06-04
CVE-2017-16005 Http-signature 安全漏洞 — http-signature node moduleCWE-20 7.5 -2018-06-04
CVE-2017-16006 Remarkable 跨站脚本漏洞 — remarkable node moduleCWE-79 6.1 -2018-06-04
CVE-2017-16007 node-jose 安全漏洞 — node-jose node moduleCWE-200 5.9 -2018-06-04
CVE-2017-16008 i18next 跨站脚本漏洞 — i18next node moduleCWE-79 6.1 -2018-06-04
CVE-2017-16009 ag-grid 跨站脚本漏洞 — ag-grid node moduleCWE-79 6.1 -2018-06-04
CVE-2017-16013 Hapi 安全漏洞 — hapi node moduleCWE-400 7.5 -2018-06-04
CVE-2017-16014 Http-proxy 安全漏洞 — http-proxy node moduleCWE-703 7.5 -2018-06-04
CVE-2017-16015 Forms 跨站脚本漏洞 — forms node moduleCWE-80 6.1 -2018-06-04
CVE-2017-16016 Sanitize-html 跨站脚本漏洞 — sanitize-html node moduleCWE-79 6.1 -2018-06-04
CVE-2017-16017 Sanitize-html 跨站脚本漏洞 — sanitize-html node moduleCWE-79 6.1 -2018-06-04
CVE-2017-16018 Restify 跨站脚本漏洞 — restify node moduleCWE-79 6.1 -2018-06-04
CVE-2017-16019 GitBook online reader 跨站脚本漏洞 — gitbook node moduleCWE-79 5.4 -2018-06-04
CVE-2017-16020 Summit 安全漏洞 — summit node moduleCWE-94 9.8 -2018-06-04
CVE-2017-16021 uri-js 安全漏洞 — uri-js node moduleCWE-400 6.5 -2018-06-04
CVE-2017-16022 Morris.js 跨站脚本漏洞 — Morris.js node moduleCWE-79 5.4 -2018-06-04
CVE-2017-16023 Decamelize 安全漏洞 — decamelize node moduleCWE-400 7.5 -2018-06-04
CVE-2017-16024 sync-exec 安全漏洞 — sync-exec node moduleCWE-377 6.5 -2018-06-04
CVE-2017-16025 Nes 安全漏洞 — nes node moduleCWE-400 7.5 -2018-06-04
CVE-2017-16026 Request 安全漏洞 — request node moduleCWE-201 5.9 -2018-06-04
CVE-2017-16028 react-native-meteor-oauth 安全漏洞 — react-native-meteor-oauth node moduleCWE-330 7.5 -2018-06-04

This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.