目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1020

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,245
关联 CVE
1,864
参与项目数
343
近 7 天新增
23
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
DOM Based XSS in mycrypto.com
MyCrypto Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2018-03-18
Corrupt RPC responses from remote daemon nodes can lead to transaction tracing
Monero Privacy Violation (CWE-359)
Medium
2018-03-16
Information disclosure through search engines (password reset token)
Upserve Information Disclosure (CWE-200)
Medium
2018-03-13
Security misconfiguration "weak passwords".
Semrush Violation of Secure Design Principles (CWE-657)
Medium
2018-03-13
Email Spoofing
Semrush Violation of Secure Design Principles (CWE-657)
Medium
2018-03-13
Can read features from any user
HackerOne Information Disclosure (CWE-200)
Medium
2018-03-12
code.wordpress.net subdomain Takeover
WordPress
Medium
2018-03-11
Access to Private Photos of Apps in App section(IDOR)
Shopify Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2018-03-05
Blind XXE on pu.vk.com
VK.com XML External Entities (XXE) (CWE-611)
Medium
2018-03-04
wpjobmanager - unserialize of user input
Automattic
Medium
2018-03-03
SSH server compatible with several vulnerable cryptographic algorithms
GSA Bounty Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Medium
2018-03-02
[growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite
Grab Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2018-03-02
[uppy] Stored XSS due to crafted SVG file
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-03-01
Registration enabled on ███grab.com
Grab Information Disclosure (CWE-200)
Medium
2018-02-28
myshopify.com domain takeover
Shopify Business Logic Errors (CWE-840)
Medium
2018-02-27
Persistent DOM-based XSS in https://help.twitter.com via localStorage
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-02-24
[gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec
RubyGems Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-02-22
XSS at https://app.goodhire.com/member/GH.aspx
Inflection
Medium
2018-02-21
Cookie bomb
GitLab Uncontrolled Resource Consumption (CWE-400)
Medium
2018-02-16
The request tells the number of private programs, the new system of authorization /invite/token
HackerOne Information Disclosure (CWE-200)
Medium
2018-02-14
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239