目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
11
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:rails
Prevent XSS when passing a parameter directly into link_to
Ruby on Rails Cross-site Scripting (XSS) - DOM (CWE-79)
Low
2020-05-13
Missing resource identifier encoding may lead to security vulnerabilities
Ruby on Rails Information Disclosure (CWE-200)CVE-2020-8151
Medium
2020-05-13
RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage)
Ruby on Rails Command Injection - Generic (CWE-77)CVE-2019-5420
High
2019-03-13
ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService
Ruby on Rails Information Disclosure (CWE-200)CVE-2018-16477
High
2018-12-27
Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS
Ruby on Rails CVE-2018-16470
Medium
2018-12-05
Validation bypass for queries generated for PostgreSQL
Ruby on Rails
Unknown
2018-11-19
Path Traversal on Default Installed Rails Application (Asset Pipeline)
Ruby on Rails Path Traversal (CWE-22)CVE-2018-3760
Medium
2018-07-19
XSS vulnerability in sanitize-method when parsing link's href
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2018-3741
Medium
2018-03-22
Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass
Ruby on Rails CVE-2016-6317CVE-2012-2660CVE-2012-2694CVE-2013-0155
Unknown
2018-02-07
Data-Tags and the New HTML Sanitizer Subverts CSRF protection
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-03-13
[Rails42] We can inject HTML tags when server is using strip_tags method
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-03-13
DoS Attack in Controller Lookup Code
Ruby on Rails Uncontrolled Resource Consumption (CWE-400)
Unknown
2016-03-13
http_basic_authenticate_with is suseptible to timing attacks.
Ruby on Rails Improper Authentication - Generic (CWE-287)
Unknown
2016-03-13
Potential XSS on sanitize/Rails::Html::WhiteListSanitizer
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-03-13
Regarding [CVE-2016-0752] Possible Information Leak Vulnerability in Action View
Ruby on Rails Code Injection (CWE-94)CVE-2016-0752
Unknown
2016-03-01
Remote code execution using render :inline
Ruby on Rails Code Injection (CWE-94)CVE-2016-0752
Unknown
2016-03-01
Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter
Ruby on Rails
High
2016-02-12
Validation bypass for Active Record and Active Model
Ruby on Rails Violation of Secure Design Principles (CWE-657)
Medium
2016-02-12
Explicit, dynamic render path: Dir. Trav + RCE
Ruby on Rails Code Injection (CWE-94)
High
2016-02-12
Changeable model ids on vanilla update can lead to severely bad side-effects
Ruby on Rails Violation of Secure Design Principles (CWE-657)
Unknown
2016-02-12
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895