huntr – the Bug Bounty Platform for any GitHub repository

expressjs / express

JavaScript , Shell

CVE + $750

CVE

up to $750

gruntjs / grunt

JavaScript

CVE + $750

CVE

up to $750

ashtuchkin / iconv-lite

JavaScript

CVE + $750

CVE

up to $750

ljharb / qs

JavaScript

CVE + $750

CVE

up to $750

expressjs / body-parser

JavaScript

CVE + $750

CVE

up to $750

yargs / yargs

JavaScript , TypeScript , HTML

CVE + $750

CVE

up to $750

unshiftio / url-parse

JavaScript , HTML

CVE + $750

CVE

up to $750

qos-ch / slf4j

Java , HTML , CSS , JavaScript , Shell

CVE + $750

CVE

up to $750

spring-projects / spring-framework

Java , Kotlin , Groovy , AspectJ , FreeMarker , CSS , GAP , Shell , XSLT , HTML , Ruby , JavaScript , Smarty , PLpgSQL , Python

CVE + $750

CVE

up to $750

lodash / lodash

JavaScript

CVE + $600

CVE

up to $600

browserify / browserify

JavaScript , HTML , Shell , CoffeeScript

CVE + $565

CVE

up to $565

JamesNK / Newtonsoft.Json

C# , PowerShell , Batchfile

CVE + $565

CVE

up to $565

square / okhttp

Kotlin , Java , Shell

CVE + $565

CVE

up to $565

Seldaek / monolog

PHP

CVE + $435

CVE

up to $435

jashkenas / underscore

JavaScript , HTML

CVE + $380

up to $380

alibaba / fastjson

Java , Kotlin , JavaScript , Shell

CVE + $380

CVE

up to $380

google / gson

Java

CVE + $355

CVE

up to $355

symfony / yaml

PHP

CVE + $335

CVE

up to $335

pallets / jinja

Python , HTML

CVE + $335

CVE

up to $335

mochajs / mocha

JavaScript , CSS , HTML , CoffeeScript

CVE + $295

up to $295

guzzle / guzzle

PHP , JavaScript

CVE + $295

CVE

up to $295

winstonjs / winston

JavaScript , TypeScript

CVE + $255

CVE

up to $255

pallets / click

Python

CVE + $240

CVE

up to $240

yaml / pyyaml

Python , Cython , Shell , C

CVE + $240

CVE

up to $240

DapperLib / Dapper

C# , PowerShell , Batchfile

CVE + $225

CVE

up to $225

urfave / cli

Go , Shell , PowerShell

CVE + $225

CVE

up to $225

twigphp / Twig

PHP , Shell , Twig , HTML

CVE + $210

CVE

up to $210

gorilla / mux

Go

CVE + $210

CVE

up to $210

uber-go / zap

Go , Shell

CVE + $200

CVE

up to $200

FasterXML / jackson-core

Java , Logos , Shell

CVE + $175

CVE

up to $175

slimphp / Slim

PHP

CVE + $175

CVE

up to $175

filp / whoops

PHP , CSS , JavaScript

CVE + $165

CVE

up to $165

chatwoot / chatwoot

Ruby , Vue , JavaScript , SCSS , HTML , Shell

CVE + $165

CVE

up to $165

neo4j / neo4j

Java , Scala , Gherkin , Roff , Shell , PowerShell , Batchfile , HTML

CVE + $155

CVE

up to $155

cakephp / cakephp

PHP , CSS , HTML , Shell , Hack , JavaScript

CVE + $155

CVE

up to $155

Delgan / loguru

Python

CVE + $145

CVE

up to $145

lxml / lxml

Python , Cython , XSLT , C , HTML , Shell

CVE + $135

CVE

up to $135

tidwall / gjson

Go

CVE + $125

CVE

up to $125

paramiko / paramiko

Python

CVE + $120

CVE

up to $120

pyparsing / pyparsing

Python , Batchfile , Jinja

CVE + $110

CVE

up to $110

predis / predis

PHP

CVE + $105

CVE

up to $105

pre-commit / pre-commit

Python , R , Shell , Ruby , PowerShell , Perl , C# , Go , Swift , Dart , JavaScript , Rust

CVE + $95

CVE

up to $95

NLog / NLog

C# , XSLT , PowerShell , CSS , Batchfile

CVE + $85

CVE

up to $85

php-coveralls / php-coveralls

PHP

CVE + $85

CVE

up to $85

rs / zerolog

Go

CVE + $80

CVE

up to $80

cortezaproject / corteza-server

Go , Smarty

CVE + $80

up to $80

serilog / serilog

C# , PowerShell , Shell

CVE + $75

CVE

up to $75

simplejson / simplejson

Python , C

CVE + $75

CVE

up to $75

eclipse / jetty.project

Java , AMPL , JavaScript , HTML , Shell , Groovy , CSS , XSLT

CVE + $70

CVE

up to $70

silexphp / Pimple

PHP

CVE + $70

CVE

up to $70

emicklei / go-restful

Go , Shell

CVE + $65

CVE

up to $65

elastic / elasticsearch-net

C# , F# , HTML , Shell , PowerShell , Batchfile

CVE + $60

CVE

up to $60

grpc-ecosystem / go-grpc-middleware

Go , Shell

CVE + $60

CVE

up to $60

ghodss / yaml

Go

CVE + $60

CVE

up to $60

golang / glog

Go

CVE + $60

CVE

up to $60

apache / logging-log4j2

Java , Shell , Batchfile , JavaScript , Groovy

CVE + $55

up to $55

gitpython-developers / GitPython

Python , Shell

CVE + $55

CVE

up to $55

wandb / client

Python , Objective-C , Shell , Jupyter Notebook , C

CVE + $55

CVE

up to $55

mailru / easyjson

Go , Shell

CVE + $55

CVE

up to $55

IonicaBizau / parse-url

JavaScript

CVE + $50

CVE

up to $50

craftcms / cms

PHP , JavaScript , HTML , SCSS , Vue , Twig , Smarty , Shell , PLpgSQL

CVE + $50

CVE

up to $50

castleproject / Core

C# , Shell , Batchfile

CVE + $45

CVE

up to $45

go-git / go-git

Go , Shell

CVE + $45

CVE

up to $45

uber-go / multierr

Go

CVE + $35

CVE

up to $35

rs / cors

Go

CVE + $35

CVE

up to $35

jaraco / configparser

Python , Roff

CVE + $30

CVE

up to $30

silverstripe / silverstripe-framework

PHP , Scheme , CSS , Shell , JavaScript , HTML

CVE + $25

CVE

up to $25

apache / logging-log4net

C# , JavaScript , CSS , Batchfile , PowerShell

CVE + $20

up to $20

silverstripe / silverstripe-cms

PHP , JavaScript , Gherkin , Scheme , SCSS

CVE + $20

up to $20

TYPO3-CMS / core

PHP , JavaScript , HTML , CSS , Hack

CVE + $20

up to $20

go-logr / logr

Go , Shell

CVE + $20

up to $20

contao / core-bundle

PHP , JavaScript , CSS , Twig

CVE + $15

up to $15

Bounties

Earn cash and CVEs by finding vulnerabilities in any GitHub repo.

Featured repositories