Node.js - HackerOne Reports
Total Reports: 113
Critical: 8
High: 37
Medium: 44
Low: 15
url.parse() hostname spoofing via javascript: URIs
  Reported by: bayotop | Disclosed: | Severity: Medium
  Weakness: Cross-site Scripting (XSS) - Generic

Multiple HTTP/2 DOS Issues
  Reported by: jasnell | Disclosed: | Severity: High
  Weakness: Uncontrolled Resource Consumption

HTTP Request Smuggling due to CR-to-Hyphen conversion
  Reported by: amitklein | Disclosed: | Severity: High
  Weakness: HTTP Request Smuggling

DNS Max Responses for DOS
  Reported by: zeus1999 | Disclosed: | Severity: High
  Weakness: Uncontrolled Resource Consumption
  Bounty: $250.00

Weak randomness in WebCrypto keygen
  Reported by: bnoordhuis | Disclosed: | Severity: High
  Weakness: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Permission model improperly protects against path traversal
  Reported by: tniessen | Disclosed: | Severity: High
  Weakness: Path Traversal

Bypass network import restriction via data URL
  Reported by: dittyroma | Disclosed: | Severity: Medium
  Weakness: Improper Access Control - Generic

Permissions policies can be bypassed via Module._load.
  Reported by: mattaustin | Disclosed: | Severity: High
  Weakness: Privilege Escalation

Multiple OpenSSL error handling issues in nodejs crypto library
  Reported by: mjones-vsat | Disclosed: | Severity: Medium
  Weakness: Cryptographic Issues - Generic

Unexpected input validation of octal literals in nodejs v15.12.0 and below returns defined values for all undefined octal literals.
  Reported by: sickcodes | Disclosed: | Severity: Critical
  Weakness: Use of Inherently Dangerous Function
  CVEs: CVE-2020-28360

Regular Expression Denial of Service in Headers
  Reported by: sno2 | Disclosed: | Severity: Low
  Weakness: Uncontrolled Resource Consumption

CRLF Injection in legacy url API (url.parse().hostname)
  Reported by: vavkamil | Disclosed: | Severity: Medium
  Weakness: CRLF Injection

Node.js: use-after-free in TLSWrap
  Reported by: fwilhelm | Disclosed: | Severity: High
  Weakness: Use After Free

Improper error handling in async cryptographic operations crashes process
  Reported by: tniessen | Disclosed: | Severity: High
  Weakness: Cryptographic Issues - Generic

HTTP Request Smuggling via Content Length Obfuscation
  Reported by: bpingel | Disclosed: | Severity: Medium
  Weakness: HTTP Request Smuggling

Code injection and privilege escalation through Linux capabilities
  Reported by: tniessen | Disclosed: | Severity: High
  Weakness: Privilege Escalation

Prototype pollution via console.table properties
  Reported by: rugvip | Disclosed: | Severity: Low
  Weakness: Modification of Assumed-Immutable Data (MAID)

Worker permission bypass via InternalWorker leak in diagnostics
  Reported by: leodog896 | Disclosed: | Severity: High
  Weakness: Improper Access Control - Generic

Use After Free in crypto.randomFill
  Reported by: tunz | Disclosed:
  Weakness: Use After Free

HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
  Reported by: omicronenergy | Disclosed: | Severity: Critical
  Weakness: Uncontrolled Resource Consumption