目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,222
关联 CVE
1,855
参与项目数
342
近 7 天新增
3
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
SSRF & Blind XSS in Gravatar email
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-01-17
Stored XSS via Mermaid Prototype Pollution vulnerability
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-18
Stored XSS вирус в al_video.php?act=a_choose_video_box
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-05
Stored XSS в m.vk.com/video
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-05
Stored XSS in main page of a project caused by arbitrary script payload in group "Default initial branch name"
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-09-15
[Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>`
Elastic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-08-03
Improper Sanitization leads to XSS Fire on admin panel
Informatica Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-08-03
Blind Stored XSS in https://partners.acronis.com/admin which lead to sensitive information/PII leakage
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-29
Stored XSS in custom emoji
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-19
Stored-XSS in merge requests
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-13
Stored XSS via Mermaid Prototype Pollution vulnerability
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-12
Stored DOM XSS via Mermaid chart
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-12
Post-Auth Stored XSS with User Interaction leads to Remote Code Execution
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-06-30
Blind Stored XSS on https://█████████ after filling a request at https://█████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-03-11
Stored XSS through name / last name on https://██████████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-03-11
[First 30] Stored XSS on login.uber.com/oauth/v2/authorize via redirect_uri parameter
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-25
Stored XSS in wordpress.com
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-17
Stored XSS in Intense Debate comment system
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-14
Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-10
Stored XSS at https://www.█████████.mil
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-01
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239