目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1020

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,245
关联 CVE
1,864
参与项目数
343
近 7 天新增
23
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Code Injection Vulnerability in morgan Package
Node.js third-party modules Code Injection (CWE-94)CVE-2019-5413
Medium
2018-10-28
Sidekiq web UI (Ruby background processing) accessible unauthenticated via https://gift-test.starbucks.co.jp/sidekiq/busy
Starbucks Improper Access Control - Generic (CWE-284)
Medium
2018-10-24
Smuggle SocialClub's Facebook OAuth Code via Referer Leakage
Rockstar Games Information Disclosure (CWE-200)
Medium
2018-10-23
OpenSSL::X509::Name Equality Check Does Not Work, Patch included
Ruby Improper Certificate Validation (CWE-295)CVE-2018-16395
Medium
2018-10-19
[ux.shopify.com] Subdomain takeover
Shopify Improper Access Control - Generic (CWE-284)
Medium
2018-10-19
[serve] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-10-19
DOM Based XSS charting_library
Gatecoin Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2018-10-19
[serve] XSS via HTML tag injection in directory lisiting page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-10-19
Email Spoofing Possible on torproject.org Email Domain
Tor Business Logic Errors (CWE-840)
Medium
2018-10-16
DVR default username and password
Starbucks
Medium
2018-10-15
linkinfo - openbasedir bypass on Windows PHP
Internet Bug Bounty Improper Access Control - Generic (CWE-284)
Medium
2018-10-15
Command Injection Vulnerability in libnmap Package
Node.js third-party modules Command Injection - Generic (CWE-77)CVE-2018-16461
Medium
2018-10-14
SSRF on jira.mariadb.org
MariaDB Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2018-10-13
Navigation to restricted origins via "Open in new tab"
Brave Software
Medium
2018-10-09
possibility to create account without username
Infogram Violation of Secure Design Principles (CWE-657)
Medium
2018-10-09
Email Spoofing Possible on djangoproject.com Email Domain
Django Business Logic Errors (CWE-840)
Medium
2018-10-05
URL spoofing using protocol handlers
Brave Software
Medium
2018-10-04
URL spoofing in Brave for macOS
Brave Software
Medium
2018-10-04
Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS
Internet Bug Bounty Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2018-17082
Medium
2018-10-02
mod_userdir CRLF injection (CVE-2016-4975)
Internet Bug Bounty CRLF Injection (CWE-93)CVE-2016-4975
Medium
2018-10-02
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239