目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1110

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,247
关联 CVE
1,864
参与项目数
343
近 7 天新增
21
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Design Issues on ( ███ ) Lead to show ( IPS of Users )
Nextcloud
Medium
2017-04-05
RCE (Remote Code Execution) Vulnerability on Ruby
Ruby Remote File Inclusion (CWE-98)
Medium
2017-04-05
[github.algolia.com] DOM Based XSS github-btn.html
Algolia Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-31
[controlsyou.quora.com] 429 Too Many Requests Error-Page XSS
Quora Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-31
[nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html
Ubiquiti Inc. Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-30
[Subgroups] Unprivileged User Can Disclose Private Group Names
GitLab Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2017-03-30
Weak credentials for nutty.ubnt.com
Ubiquiti Inc. Improper Authentication - Generic (CWE-287)
Medium
2017-03-29
Stored passive XSS at scheduled posts (kitcrm.com)
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2017-03-28
Nginx Version Disclosure
Airbnb Information Disclosure (CWE-200)
Medium
2017-03-23
pam-ussh may be tricked into using another logged in user's ssh-agent
Uber Improper Authentication - Generic (CWE-287)
Medium
2017-03-20
[IMP] - Blind XSS in the admin panel for reviewing comments
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-17
Send email asynchronously
Gratipay Uncontrolled Resource Consumption (CWE-400)
Medium
2017-03-17
formassembly.com is vulnerable to padding-oracle attacks.
FormAssembly Cryptographic Issues - Generic (CWE-310)CVE-2016-2107
Medium
2017-03-17
Source Code Disclosure (CGI)
Rockstar Games Information Disclosure (CWE-200)
Medium
2017-03-17
DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-17
Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-16
File upload vulnerability on a DoD website
U.S. Dept Of Defense Unrestricted Upload of File with Dangerous Type (CWE-434)
Medium
2017-03-16
HTML Injection/Load Images vulnerability on a DoD website
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Medium
2017-03-16
Differential "Show Raw File" feature exposes generated files to unauthorised users
Phabricator Information Disclosure (CWE-200)
Medium
2017-03-16
Cross-site request forgery vulnerability on a DoD website
U.S. Dept Of Defense Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-03-16
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239