Bounties
Partners
Community
Info
ionicabizau / parse-url
Project repository
:rocket: An advanced url parser supporting git urls too.
Submit a report
FIRST INTERACTION
WITHIN
10 DAYS
REVIEW
WITHIN
10 DAYS
FIX
WITHIN
92 DAYS
SSRF via ssh parsing abuse
Sep 14th 2022
kevin-mizu
•
pending
Hostname Spoofing
Sep 13th 2022
ce-automne
•
Critical
Critical
•
CVE-2022-3224
CVE-2022-3224
SSRF bypass localhost with a domain redirection
Aug 19th 2022
nhienit2010
•
not applicable
Allow File protocol lead to read local file
Aug 19th 2022
nhienit2010
•
informative
Critical
Cross-site Scripting via parse URL
Aug 19th 2022
nhienit2010
•
informative
Critical
parser bypass and make SSRF attack
Sep 13th 2022
ranjit-git
•
Critical
•
$915
Critical
•
$915
•
CVE-2022-2900
CVE-2022-2900
xss bug
Aug 3rd 2022
ranjit-git
•
informative
Critical
xss via improper parsing of javascript: url
Aug 3rd 2022
haxatron
•
Critical
•
$915
Critical
•
$915
Improper Input Validation leading to Cross-site Scripting (XSS)
Jul 18th 2022
ooggle
•
not applicable
XSS due to improper input
Jul 18th 2022
inweol
•
duplicate
High
Regular Expression Denial of Service (ReDoS)
Aug 3rd 2022
yetingli
•
Medium
•
$155
Medium
•
$155
Cross Site Scripting via Improper Input Validation (parser differential)
Aug 3rd 2022
416e6e61
•
Critical
•
$915
Critical
•
$915
File Protocol Spoofing
Aug 3rd 2022
vovikhangcdv
•
Critical
•
$915
Critical
•
$915
Open Redirect
Aug 3rd 2022
kevin-mizu
•
informative
Medium
Cross-site Scripting (XSS) due to Improper Input Validation
Jun 30th 2022
kevin-mizu
•
informative
Critical
Cross Site Scripting via Improper Input Validation
Jun 30th 2022
p0cas
•
duplicate
Critical
Cross Site Scripting via Improper Input Validation
Jun 28th 2022
p0cas
•
duplicate
Critical
Cross Site Scripting via Improper Input Validation
Jun 28th 2022
p0cas
•
not applicable
Back-slash is treated as forward-slash
Jun 30th 2022
sim4n6
•
informative
High
null
Jun 27th 2022
p0cas
•
self closed
null
Jun 27th 2022
p0cas
•
self closed
SSRF via Improper Input Validation
Jun 27th 2022
p0cas
•
informative
Critical
XSS via improper input validation
Jun 27th 2022
haxatron
•
informative
Critical
The previous report not fixed correctly
Jun 27th 2022
am0o0
•
informative
Critical
The previous report not fixed correctly
Jun 27th 2022
am0o0
•
informative
Critical
SSRF with forged resource
Jun 27th 2022
am0o0
•
informative
Critical
SSRF via Improper Input Validation
Jun 27th 2022
p0cas
•
Critical
•
$915
Critical
•
$915
•
CVE-2022-2216
CVE-2022-2216
Cross Site Scripting via Improper Input Validation
Jun 27th 2022
p0cas
•
Critical
•
$915
Critical
•
$915
Cross Site Scripting via Improper Input Validation
Jun 27th 2022
p0cas
•
Critical
•
$915
Critical
•
$915
https://huntr.dev/bounties/582cb14b-b2a8-4064-91c5-b580ff69ba07/ fix bypass; XSS...
Jun 27th 2022
haxatron
•
Critical
•
$915
Critical
•
$915
Run malicious JS code with other kinds of encoding
Jun 27th 2022
am0o0
•
Critical
•
$1098
Critical
•
$1098
•
CVE-2022-2217
CVE-2022-2217
Bypass of last fix
Jun 27th 2022
am0o0
•
Critical
•
$915
Critical
•
$915
•
CVE-2022-2218
CVE-2022-2218
Cross Site Scripting via Improper Input Validation (Based on CRLF)
Jun 6th 2022
p0cas
•
Critical
•
$915
Critical
•
$915
? before the @ sign allows one to bypass whitelists
Jun 27th 2022
haxatron
•
High
•
$155
High
•
$155
Malicious usage of '+' in protocol can lead to whitelist bypasses
Jun 27th 2022
haxatron
•
None
•
$155
None
•
$155
hostname spoofing via Improper Input Validation
Jun 27th 2022
p0cas
•
None
None
Open Redirect
Jun 27th 2022
p0cas
•
None
None
protocol spoofing
Jun 27th 2022
p0cas
•
High
•
$155
High
•
$155
hostname spoofing via javascript
Jun 27th 2022
p0cas
•
High
•
$155
High
•
$155
Improper Input Validation
Jun 27th 2022
p0cas
•
High
•
$155
High
•
$155
Improper Input Validation
Jun 27th 2022
p0cas
•
Medium
•
$40
Medium
•
$40
Exposure of Sensitive Information to an Unauthorized Actor
Jun 27th 2022
am0o0
•
Medium
•
$50
Medium
•
$50
•
CVE-2022-0722
CVE-2022-0722
Authentication Bypass by Primary Weakness
Jun 27th 2022
ranjit-git
•
High
•
$60
High
•
$60
Open Redirect
Jun 27th 2022
x3rz
•
Medium
•
$32
Medium
•
$32
Open Redirect
Jun 27th 2022
ready-research
•
Medium
•
$40
Medium
•
$40
CRITICAL
$0
HIGH
$0
MEDIUM
$0
LOW
$0
