Submit a zero-day and be rewarded for your efforts.
Earn a reward by reviewing and fixing
View maintainer approved disclosures and patches.
Submit your first disclosure
Help and resources for your first vulnerability
Follow us on how we're protecting open source.
Read our policy and understand what vulnerabilities
are in scope.
Find an answer to all the common questions you may
Level-up in Open Source Bug Bounty
Let us know your thoughts by getting in touch.
Remote Code Execution (RCE) in arpping
const Arpping = require('arpping');
var arpping = new Arpping();
npm i arpping # Install affected module
node poc.js # Run the PoC