目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:gitlab
Unauthorized access to private project security dashboard
GitLab Information Disclosure (CWE-200)
Medium
2020-11-21
Todos are not redacted when membership changes - Access to (confidential) issues and merge requests
GitLab Information Disclosure (CWE-200)
Medium
2020-11-02
Elasticsearch leaks data through the notes scope
GitLab Improper Access Control - Generic (CWE-284)
Medium
2020-10-06
Transferring a public group to a private group doesn't remove code from the Elastichsearch API search result
GitLab Improper Access Control - Generic (CWE-284)
Medium
2020-10-06
Stored XSS on PyPi simple API endpoint
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-09-09
SSRF into Shared Runner, by replacing dockerd with malicious server in Executor
GitLab Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2020-09-08
Initial mirror user can be assigned by other user even if the mirror was removed
GitLab Improper Access Control - Generic (CWE-284)
Medium
2020-08-26
SSRF In plantuml (on plantuml.pre.gitlab.com)
GitLab Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2020-08-17
Stored XSS in blob viewer
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-08-04
Unrestricted file upload leads to Stored XSS
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-08-03
Send arbitrary PUT requests when user clicks on a link
GitLab Command Injection - Generic (CWE-77)
Medium
2020-07-27
Uncontrolled Resource Consumption in any Markdown field using Mermaid
GitLab Uncontrolled Resource Consumption (CWE-400)CVE-2019-15584CVE-2019-9220
Medium
2019-12-20
Blocked user Git access through CI/CD token
GitLab Improper Access Control - Generic (CWE-284)CVE-2019-15589
Medium
2019-12-13
Container scanning and Dependency scanning report leaked to unauthorized users
GitLab Improper Access Control - Generic (CWE-284)CVE-2019-15591CVE-2017-18269CVE-2017-16997CVE-2018-1000001CVE-2016-10228CVE-2018-18520CVE-2010-4052CVE-2018-16869CVE-2018-18311CVE-2014-3488CVE-2017-12794CVE-2018-1000201
Medium
2019-12-13
GraphQL query "namespace" leaks data
GitLab Improper Access Control - Generic (CWE-284)
Medium
2019-12-03
Bypassing push rules via MRs created by Email
GitLab Improper Access Control - Generic (CWE-284)
Medium
2019-10-01
Bypass Email Verification -- Able to Access Internal Gitlab Services that use Login with Gitlab and Perform Check on email domain
GitLab Reliance on Untrusted Inputs in a Security Decision (CWE-807)CVE-2019-5473
Medium
2019-08-30
GitLab's GitHub integration is vulnerable to SSRF vulnerability
GitLab Server-Side Request Forgery (SSRF) (CWE-918)CVE-2019-5461
Medium
2019-08-30
DoS on the Issue page by exploiting Mermaid.
GitLab Uncontrolled Resource Consumption (CWE-400)
Medium
2019-05-13
SSRF in CI after first run
GitLab Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2019-04-12
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895