目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:nodejs-ecosystem
[dy-server2] - stored Cross-Site Scripting
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-01-14
[tianma-static] Security issue with XSS.
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2018-16474
Unknown
2020-10-12
[snekserve] Stored XSS via filenames HTML formatted
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-09-24
[flsaba] Stored XSS in the file and directory name when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-09-14
[file-browser] Inadequate Output Encoding and Escaping
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
High
2020-01-29
[node-red] Stored XSS within Flow's - "Name" field
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15607
Medium
2020-01-11
Stored XSS (Hexo-admin plugin)
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-01-11
[seeftl] Stored XSS when directory listing via filename.
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15603
Medium
2019-12-31
[fileview] Inadequate Output Encoding and Escaping
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15602
High
2019-12-28
[http_server] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2019-09-13
[http-file-server] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-5458
Medium
2019-07-24
[takeapeek] XSS via HTML tag injection in directory lisiting page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-01
[tianma-static] Stored xss on filename
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2018-16474
Medium
2018-11-02
[serve] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-10-19
[serve] XSS via HTML tag injection in directory lisiting page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-10-19
stored xss in scrape-metadata when reading metadata from an html page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
High
2018-07-27
Stored XSS in Node-Red
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
High
2018-07-18
[m-server] HTML Injection in filenames displayed as directory listing in the browser allows to embed iframe with malicious JavaScript code
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2018-16484
Medium
2018-07-12
[buttle] HTML Injection in filename leads to XSS when directory listing is displayed in the browser
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-5422
Medium
2018-07-04
[sexstatic] HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2018-3755
Medium
2018-05-29
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895