GitHub Security Lab - HackerOne Reports
Total Reports: 216
Critical: 3
High: 39
Medium: 129
Low: 44
[Python]: Timing attack
Reported by: farid_hunter | Disclosed: | Severity: Medium | Bounty: $1800.00

[Java] CWE-918: Added URLClassLoader and WebClient SSRF sinks
Reported by: p0wn4j | Disclosed: | Severity: Low

[Java]: CWE 295 - Insecure TrustManager - MiTM
Reported by: intrigus | Disclosed: | Severity: Medium | Bounty: $1800.00

[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
Reported by: p0wn4j | Disclosed: | Severity: Medium

[Java] CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Reported by: jessforfun | Disclosed: | Severity: Medium

Java: Unsafe deserialization with Jackson
Reported by: artem | Disclosed: | Severity: High | Bounty: $4500.00

[Python]: Add SqlAlchemy support for SQL injection query
Reported by: thank_you | Disclosed: | Severity: High

[Python] CWE-287: LDAP Improper Authentication
Reported by: jorgectf | Disclosed: | Severity: Medium | Bounty: $1800.00

[Java] CWE-552: Unsafe url forward
Reported by: jessforfun | Disclosed: | Severity: Medium

[cpp] CWE-787: query to detect unsigned integer to signed integer conversions used in pointer arithmetics
Reported by: jordyzomer | Disclosed: | Severity: High | Bounty: $4500.00

ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource
Reported by: ihsinme | Disclosed: | Severity: Low | Bounty: $1000.00

[Java] JShell Injection
Reported by: jessforfun | Disclosed: | Severity: Medium

[Java]: CWE-665 Insecure environment during RMI/JMX Server initialisation - All for one bounty
Reported by: timolesml | Disclosed: | Severity: Medium | Bounty: $1800.00

[Python] Unsafe unpacking using shutil.unpack_archive() query and tests
Reported by: sim4n6 | Disclosed: | Severity: Medium

[Python] CWE-400: Regular Expression Injection
Reported by: jorgectf | Disclosed: | Severity: High | Bounty: $4500.00

CodeQL query to detect XSLT injections
Reported by: grzegol | Disclosed: | Severity: Medium | Bounty: $1800.00

[Java] CWE-079: Query to detect XSS with JavaServer Faces (JSF)
Reported by: luchua | Disclosed: | Severity: Medium | Bounty: $1800.00

[Java]: Add XXE sinks
Reported by: jessforfun | Disclosed: | Severity: Medium

[C#] CWE-759: Query to detect password hash without a salt
Reported by: luchua | Disclosed: | Severity: Medium | Bounty: $1800.00

Go : Add more JWT sinks
Reported by: porcupineyhairs | Disclosed: | Severity: Medium