Hack and Take the Cash !

717 bounties in database

Node.js third-party modules


No technology is perfect, and Node.js believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in a third-party Node.js module, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Vulnerabilities in Node.js core should be reported to security@nodejs.org.

Disclosure Timeline

* Vulnerability is identified or Disclosed to Node.js Security Team - We will endeavor to keep reporter / finder in the loop with all communications / events.
* Maintainers are notified if it's not a self disclosure.
* After a fix is made available, the public advisory is finalized and a CVE assigned.
* If no fix is available after 45 days, the advisory will timeout and will be made publicly available.

Thank you for helping keep the Node.js ecosystem safe!


Hall of Fame

List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2016