huntr.dev
URL:
https://huntr.dev/
Submission: On May 19 via manual from US — Scanned from DE
Form analysis: 0 forms found in the DOM

Text Content
huntr

WE FUND OPEN SOURCE SECURITY. WE PAY SECURITY RESEARCHERS FOR FINDING VULNERABILITIES IN ANY GITHUB REPOSITORY AND MAINTAINERS FOR FIXING THEM.

Join the fight. Come talk.

--------------------------------------------------------------------------------

90% OF USERS GOT THEIR FIRST CVE
1.7 CVES AVG. PER USER
3.6 BOUNTIES PER USER
AVG. MONTHLY WINNINGS
PROTECTING 1000+ REPOS

Recent reports:

* Low risk: Arbitrary Code Execution in microsoft/qlib, found by @b3ef, fixed by @anon-artist
* High risk: Command Injection in facebook/create-react-app, found by @zpbrent, fixed by @zpbrent
* High risk: Arbitrary Code Execution in adobe/ops-cli, found by @anon-artist, fixed by @asjidkalam
* High risk: Insecure Deserialization in NVIDIA/runx, found by @asjidkalam, fixed by @b3ef
* Low risk: Code Injection in uber/petastorm, found by @anon-artist, fixed by @d3m0n-r00t
* Low risk: Arbitrary Code Execution in spotify/postgresql-metrics, found by @b3ef, fixed by @anon-artist
* High risk: Command Injection in Azure/ms-rest-nodeauth, found by @zpbrent, fixed by @zpbrent
* Low risk: Code Injection in uber/petastorm, found by @anon-artist, fixed by @d3m0n-r00t
* High risk: Prototype Pollution in mozilla/node-convict, found by @gkmrrr, fixed by @arjunshibu
* Low risk: Arbitrary Code Execution in facebookresearch/ParlAI, found by @anon-artist, fixed by @anon-artist
* High risk: Arbitrary Code Execution in adobe/himl, found by @anon-artist, fixed by @asjidkalam
* Medium risk: Cross-Site Scripting (XSS) in alibaba/BizCharts, found by @ready-research, fixed by @alromh87
* Low risk: Arbitrary Code Execution in microsoft/nni, found by @b3ef, fixed by @anon-artist
* Low risk: Remote Code Execution in heroku/heroku-exec-util, found by @mik317, fixed by @d3m0n-r00t
* Low risk: Arbitrary Code Execution in tensorflow/models, found by @b3ef, fixed by @asjidkalam
* High risk: Prototype Pollution in Automattic/mongoose, found by @zpbrent, fixed by @zpbrent
* High risk: Heap-based Buffer Overflow in vim/vim, found by @geeknik, fixed by @brammool
* High risk: Inefficient Regular Expression Complexity in axios/axios, found by @ready-research, fixed by @ready-research

--------------------------------------------------------------------------------

PROTECTING OPEN SOURCE SOFTWARE
THE WORLD'S LARGEST BUG BOUNTY PROGRAMME

REVERSE BOUNTIES: Supporting those who find vulnerabilities, as well as those who fix them. Submit a vulnerability.

GLOBAL RECOGNITION: All valid reports are eligible for a CVE and are made into public write-ups. Browse the community's latest finds.

MILLIONS OF TARGETS: With an almost unlimited scope, you won't have to worry about duplicates again! Find a target.

--------------------------------------------------------------------------------

OUR PROCESS
THE STORY OF VULNERABILITY DISCLOSURE, FROM START TO FINISH

1. DISCLOSURE: The researcher finds a potential vulnerability in open-source software and reports it through our disclosure form.
2. NOTIFICATION: The maintainer is notified of the report via email or GitHub communication.
3. VALIDATION: The maintainer validates the vulnerability.
4. REWARD: The researcher is awarded the disclosure bounty for their successful vulnerability report.
5. FIX: The maintainer submits a fix for the vulnerability and is awarded a fix bounty.
6. CVE: The researcher's report will be assigned a CVE (within one hour!) if the vulnerability is found in the top 40% most popular open-source repositories.

--------------------------------------------------------------------------------

FUNDING OPEN SOURCE SECURITY
WORKING WITH MAINTAINERS TO SUPPORT THEIR PROJECTS

UNIVERSAL (FOR ALL OPEN SOURCE SOFTWARE): $250 monthly prize pot, paid by huntr; reverse bounties; promoted repo; no signup needed.

PARTNER (FOR REGISTERED MAINTAINERS): $250 monthly prize pot, paid by huntr; reverse bounties; promoted repo; sign-up required.

ENTERPRISE (FOR COMMERCIAL OSS): Unlimited prize pot, paid by enterprise; triage support; promoted repo; get in touch.

--------------------------------------------------------------------------------

2022 © 418sec. HUNTR is part of 418SEC.