目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,222
关联 CVE
1,855
参与项目数
342
近 7 天新增
3
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Value of JSESSIONID and XSRF token parameter in cookie remains same before and after login
RelateIQ Violation of Secure Design Principles (CWE-657)
Unknown
2014-05-14
Flooding mailbox of user
HackerOne Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-30
Arbitrary file uploads to Amazon WS.
HackerOne Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-26
Host Header is not validated resulting in Open Redirect
IRCCloud Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-24
HTTP Strict transport security policy not enabled
Respondly Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-21
No Wildcard DNS
Localize Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-21
Allowed method disclosure
Respondly Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-21
XSRF token problem
RelateIQ Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-20
Securing sensitive pages from SearchBots
HackerOne Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-20
Sensitive file
Localize Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-18
HttpOnly flag not set for cookie on concrete5.org
Concrete CMS Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-16
Bruteforce attack in login panel
Faceless Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-15
Leaking Referrer in Reset Password Link
IRCCloud Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-12
Blocking yourself
Faceless Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-11
User impersonation is possible with incoming webhooks
Slack Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-10
CRITICAL BUG!
MS-DOS Violation of Secure Design Principles (CWE-657)
Unknown
2014-04-01
User Enumeration, Information Disclosure and Lack of Rate Limitation on API
Coinbase Violation of Secure Design Principles (CWE-657)
Unknown
2014-03-31
Control Characters Not Stripped From Username on Signup
HackerOne Violation of Secure Design Principles (CWE-657)
Unknown
2014-03-11
Missing SPF for hackerone.com
HackerOne Violation of Secure Design Principles (CWE-657)
Unknown
2014-01-09
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239