目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,221
关联 CVE
1,854
参与项目数
342
近 7 天新增
4
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Add tweet to collection CSRF
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-08-22
CSRF - Add optional two factor mobile number
Slack Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-08-17
csrf_token cookie don't have the flag "HttpOnly"
Gratipay Cross-Site Request Forgery (CSRF) (CWE-352)
None
2016-08-14
CSRF with redeem coupon request
Instacart Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-08-13
CSRF Full Account Takeover
Concrete CMS Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-08-12
Security Issue : CSRF Token Design Flaw
drchrono Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-07-30
CSRF on Vimeo via cross site flashing leading to info disclosure and private videos go public
Vimeo Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-07-29
[CSRF] Install premium themes
Shopify Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-07-27
CSRF in changing settings of Basic Google Maps Placemarks
Ian Dunn Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-07-25
The 'Create a New Account' action is vulnerable to CSRF
Coinbase Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-07-24
The contribution save option seem to be vulnerable to CSRF
Gratipay Cross-Site Request Forgery (CSRF) (CWE-352)
None
2016-07-17
Possible CSRF during joining report as participant
HackerOne Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-07-12
Newsroom.uber HTML form without CSRF protection
Uber Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-07-07
Multiple Cross Site Request Forgery Vulnerabilities in Concrete5 version 5.7.3.1
Concrete CMS Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-26
CSRF in login form would led to account takeover
Ubiquiti Inc. Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-20
Lost Password CSRF
Nextcloud Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-19
[CRITICAL] CSRF leading to account take over
drchrono Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-14
Missing Server Side Validation of CSRF Middleware Token in Change Password Request
Veris Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-12
Unauthenticated CSRF(User can input any value for CSRF Token)
Veris Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-08
SVG parser loads external resources on image upload
Shopify Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-02
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239