Disclose
Submit a zero-day and be rewarded for your efforts.
Fix
Earn a reward by reviewing and fixing vulnerabilities.
Hacktivity
View maintainer approved disclosures and patches.
Submit your first disclosure
Help and resources for your first vulnerability disclosure.
Blog
Follow us on how we're protecting open source.
Responsible disclosure
Read our policy and understand what vulnerabilities are in scope.
FAQ
Find an answer to all the common questions you may have.
Dojo
Level-up in Open Source Bug Bounty
Contact us
Let us know your thoughts by getting in touch.
curling is a node wrapper for curl with a very simple api. Affected versions of this package are vulnerable to Command Injection via the run(command,cb) function. The command argument can be controlled by users without any sanitization.
run(command,cb)
command