huntr.dev

URL: https://huntr.dev/
Submission: On May 19 via manual from US — Scanned from DE



huntr

Navigation: Bounties (124): Find your next target | Disclose: Submit a vulnerability | Hacktivity: Browse public reports | Leaderboard | Community: Responsible disclosure policy, FAQ, Contact us | Submit report | Login / Sign in with GitHub


WE FUND
OPEN SOURCE SECURITY.


WE PAY SECURITY RESEARCHERS FOR FINDING VULNERABILITIES IN ANY GITHUB REPOSITORY
AND MAINTAINERS FOR FIXING THEM.

Join the fight Come talk


--------------------------------------------------------------------------------


90% of users got their first CVE
1.7 CVEs avg. per user
3.6 bounties per user (avg. monthly winnings)
Protecting 1000+ repos

Low risk: Arbitrary Code Execution in microsoft/qlib (found by @b3ef, fixed by @anon-artist)
High risk: Command Injection in facebook/create-react-app (found by @zpbrent, fixed by @zpbrent)
High risk: Arbitrary Code Execution in adobe/ops-cli (found by @anon-artist, fixed by @asjidkalam)
High risk: Insecure Deserialization in NVIDIA/runx (found by @asjidkalam, fixed by @b3ef)
Low risk: Code Injection in uber/petastorm (found by @anon-artist, fixed by @d3m0n-r00t)
Low risk: Arbitrary Code Execution in spotify/postgresql-metrics (found by @b3ef, fixed by @anon-artist)
High risk: Command Injection in Azure/ms-rest-nodeauth (found by @zpbrent, fixed by @zpbrent)
Low risk: Code Injection in uber/petastorm (found by @anon-artist, fixed by @d3m0n-r00t)
High risk: Prototype Pollution in mozilla/node-convict (found by @gkmrrr, fixed by @arjunshibu)

Low risk: Arbitrary Code Execution in facebookresearch/ParlAI (found by @anon-artist, fixed by @anon-artist)
High risk: Arbitrary Code Execution in adobe/himl (found by @anon-artist, fixed by @asjidkalam)
Medium risk: Cross-Site Scripting (XSS) in alibaba/BizCharts (found by @ready-research, fixed by @alromh87)
Low risk: Arbitrary Code Execution in microsoft/nni (found by @b3ef, fixed by @anon-artist)
Low risk: Remote Code Execution in heroku/heroku-exec-util (found by @mik317, fixed by @d3m0n-r00t)
Low risk: Arbitrary Code Execution in tensorflow/models (found by @b3ef, fixed by @asjidkalam)
High risk: Prototype Pollution in Automattic/mongoose (found by @zpbrent, fixed by @zpbrent)
High risk: Heap-based Buffer Overflow in vim/vim (found by @geeknik, fixed by @brammool)
High risk: Inefficient Regular Expression Complexity in axios/axios (found by @ready-research, fixed by @ready-research)


PROTECTING OPEN SOURCE SOFTWARE


THE WORLD'S LARGEST BUG BOUNTY PROGRAMME




REVERSE BOUNTIES

Supporting those who find vulnerabilities, as well as those who fix them.

Submit a vulnerability




GLOBAL RECOGNITION

All valid reports are eligible for a CVE and are made into public write-ups.

Browse the community’s latest finds




MILLIONS OF TARGETS

With an almost unlimited scope, you won't have to worry about duplicates again!

Find a target




OUR PROCESS


THE STORY OF VULNERABILITY DISCLOSURE, FROM START TO FINISH


1. DISCLOSURE

The researcher finds a potential vulnerability in open-source software and reports it
through our disclosure form




2. NOTIFICATION

The maintainer is notified of the report via email or GitHub communication


3. VALIDATION

The maintainer validates the vulnerability


4. REWARD

The researcher is awarded the disclosure bounty for their successful
vulnerability report




5. FIX

The maintainer submits a fix for the vulnerability and is awarded a fix bounty


6. CVE

The researcher's report will be assigned a CVE (within one hour!) if the
vulnerability is found in the top 40% most popular open-source repositories




FUNDING OPEN SOURCE SECURITY


WORKING WITH MAINTAINERS TO SUPPORT THEIR PROJECTS


UNIVERSAL


FOR ALL OPEN SOURCE SOFTWARE

$250 monthly prize pot
Paid by huntr
Reverse bounties
Promoted repo
No signup needed


PARTNER


FOR REGISTERED MAINTAINERS

$250 monthly prize pot
Paid by huntr
Reverse bounties
Promoted repo
Sign-up


ENTERPRISE


FOR COMMERCIAL OSS

Unlimited prize pot
Paid by enterprise
Triage support
Promoted repo
Get in touch

2022 © 418sec
