Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HackerOne — Vulnerabilities & Security Advisories 470

Browse all 470 CVE security advisories affecting HackerOne. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HackerOne operates a crowdsourced vulnerability disclosure platform, connecting organizations with ethical hackers to identify and remediate security flaws before malicious exploitation. The platform’s extensive record of 470 CVEs highlights a diverse attack surface, with historically common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation. These defects often stem from complex API integrations and web application logic errors inherent in its SaaS infrastructure. Notable security characteristics involve its reliance on third-party researchers, which introduces both robust coverage and potential insider threat vectors. While major public incidents have been relatively contained, the platform’s role as a central hub for vulnerability data makes it a high-value target for attackers seeking to disrupt the disclosure ecosystem or harvest sensitive intelligence. Maintaining strict access controls and transparent reporting mechanisms remains critical for preserving trust and ensuring the integrity of the bug bounty process across its global user base.

Top products by HackerOne: sequelize node module hapi node module RubyGems coffeescript node module sanitize-html node module serve node module i18next node module crud-file-server node module marked node module html-janitor node module private_address_check ruby gem m-server express-cart ws node module remarkable node module Nextcloud Server liyujing node module serverwzl node module npm-script-demo node module pandora-doomsday node module rtcmulticonnection-client node module dcserver node module tmock node module node-server-forfront node module welcomyzt node module pooledwebsocket node module cuciuci node module forwarded node module parsejson node module fresh node module
CVE IDTitleCVSSSeverityPublished
CVE-2017-16029 hostr 路径遍历漏洞 — hostr node moduleCWE-22 7.5 -2018-06-04
CVE-2017-16030 Useragent 安全漏洞 — useragent node moduleCWE-400 7.5 -2018-06-04
CVE-2017-16031 socket.io 安全漏洞 — socket.io node module 7.5 -2018-06-04
CVE-2017-16035 hubl-server模块安全漏洞 — hubl-server node moduleCWE-311 8.1 -2018-06-04
CVE-2017-16036 badjs-sourcemap-server 路径遍历漏洞 — badjs-sourcemap-server node moduleCWE-22 7.5 -2018-06-04
CVE-2017-16037 gomeplus-h5-proxy 路径遍历漏洞 — gomeplus-h5-proxy node moduleCWE-22 7.5 -2018-06-04
CVE-2017-16038 f2e-server 路径遍历漏洞 — f2e-server node module 7.5 -2018-06-04
CVE-2017-16039 hftp 路径遍历漏洞 — hftp node moduleCWE-22 7.5 -2018-06-04
CVE-2017-16040 gfe-sass 安全漏洞 — gfe-sass node moduleCWE-311 8.1 -2018-06-04
CVE-2017-16041 ikst 安全漏洞 — ikst node moduleCWE-311 5.9 -2018-06-04
CVE-2017-16042 Growl 安全漏洞 — growl node moduleCWE-94 9.8 -2018-06-04
CVE-2017-16043 Shout 安全漏洞 — shout node moduleCWE-80 6.1 -2018-06-04
CVE-2017-16044 d3.js 安全漏洞 — d3.js node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16045 jquery.js 安全漏洞 — jquery.js node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16046 MariaDB 信息泄露漏洞 — mariadb node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16048 node-sqlite 安全漏洞 — node-sqlite node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16049 nodesqlite 安全漏洞 — nodesqlite node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16050 sqlite.js 安全漏洞 — sqlite.js node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16051 sqliter 安全漏洞 — sqliter node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16052 node-fabric 安全漏洞 — node-fabric node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16053 fabric-js 安全漏洞 — fabric-js node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16054 nodefabric 安全漏洞 — nodefabric node moduleCWE-506 7.5 -2018-06-04
CVE-2017-16055 sqlserver 安全漏洞 — sqlserver node moduleCWE-506 7.5 -2018-06-04
CVE-2016-10636 grunt-ccompiler 安全漏洞 — grunt-ccompiler node moduleCWE-311 8.1 -2018-06-04
CVE-2016-10637 haxe-dev 安全漏洞 — haxe-dev node moduleCWE-311 8.1 -2018-06-04
CVE-2016-10638 js-given 安全漏洞 — js-given node moduleCWE-311 8.1 -2018-06-04
CVE-2016-10639 redis-srvr 安全漏洞 — redis-srvr node moduleCWE-311 8.1 -2018-06-04
CVE-2016-10640 node-thulac 安全漏洞 — node-thulac node moduleCWE-311 8.1 -2018-06-04
CVE-2016-10641 node-bsdiff-android 安全漏洞 — node-bsdiff-android node moduleCWE-311 8.1 -2018-06-04
CVE-2016-10642 cmake 安全漏洞 — cmake node moduleCWE-311 8.1 -2018-06-04

This page lists every published CVE security advisory associated with HackerOne. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.