hackerone
CVE Numbering Authority
Latest CVE published
Overview
hackerone is a CVE Numbering Authority that has published 1,557 CVE records since 2016. It is currently classified as active, with 291 CVEs published in the last two years. Its CVE data quality is graded D (68.9% overall completeness).
Among the 370 CNAs tracked here, hackerone ranks #31 by CVE volume and reports more complete records than 19% of all CNAs.
Data quality report card
How complete and consistent hackerone's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often hackerone also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
68.9%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of hackerone's published CVEs breaks down, and how many are known to be exploited in the wild.
3 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog
27
27 of hackerone's CVEs are confirmed exploited in the wild and carry a CISA remediation deadline.
Common weakness types
The CWE weakness categories hackerone most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')198 CVEs
- CWE-311Missing Encryption of Sensitive Data148 CVEs
- CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')130 CVEs
- CWE-400Uncontrolled Resource Consumption97 CVEs
- CWE-284Improper Access Control85 CVEs
- CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')59 CVEs
- CWE-200Exposure of Sensitive Information to an Unauthorized Actor54 CVEs
- CWE-94Improper Control of Generation of Code ('Code Injection')52 CVEs
Publishing activity by year
How many CVEs hackerone has published each year.
12-month change
How hackerone's CVE data quality has shifted over the trailing year.
Previous grade
D
Current grade
C
Score change
60.9% → 70.4% (+9.5%)
Improved most in CVSS Completeness (+70.2 pts)
Top vendors
The vendors hackerone publishes the most CVEs for.
- HackerOne470 CVEs
- Ivanti222 CVEs
- Node.js112 CVEs
- NextCloud112 CVEs
- debian99 CVEs
- Ubiquiti96 CVEs
- ui89 CVEs
- fedoraproject73 CVEs
Top products
The products hackerone publishes the most CVEs for.
- Node111 CVEs
- debian linux99 CVEs
- Avalanche83 CVEs
- Node.js76 CVEs
- fedora73 CVEs
- Nextcloud Server68 CVEs
- server65 CVEs
- curl61 CVEs
Latest CVEs
The most recent CVEs assigned by hackerone.
- CVE-2026-56843CWE-522Critical · CVSS 9.9EPSS 0.4%2026-07-08
- CVE-2026-48614CWE-94Critical · CVSS 9.9EPSS 0.3%2026-07-06
- CVE-2026-55119CWE-284High · CVSS 8.1EPSS 0.2%2026-07-02
- CVE-2026-55114CWE-284High · CVSS 8.8EPSS 0.2%2026-07-02
- CVE-2026-56842CWE-863High · CVSS 7.5EPSS 0.2%2026-07-02
- CVE-2026-55116CWE-284Critical · CVSS 9.8EPSS 0.2%2026-07-02
- CVE-2026-56841CWE-89High · CVSS 8.8EPSS 0.2%2026-07-02
- CVE-2026-55115CWE-918Critical · CVSS 9.9EPSS 0.2%2026-07-02
- CVE-2026-55118CWE-284High · CVSS 8.3EPSS 0.2%2026-07-02
- CVE-2026-55112CWE-284High · CVSS 8.8EPSS 0.2%2026-07-02
- CVE-2026-55117CWE-22High · CVSS 8.6EPSS 0.4%2026-07-02
- CVE-2026-55113CWE-918High · CVSS 7.5EPSS 0.2%2026-07-02
Track new hackerone CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor hackerone CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the hackerone CNA.
- What is the hackerone CNA?
- hackerone is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 1,557 CVE records since 2016.
- How many CVEs has hackerone published?
- hackerone has published 1,557 CVE records, including 291 in the last two years.
- What is hackerone's CVE data quality grade?
- RadicalNotion.AI grades hackerone's CVE data quality as D, with an overall completeness score of 68.9%. This reflects how consistently its CVE records include vendor (64.1%), product (98.5%), CVSS (20.5%), and CWE (92.4%) information.
- What products does hackerone publish CVEs for?
- hackerone most frequently publishes CVEs for Node, debian linux, Avalanche, Node.js, fedora.
- Which vendors does hackerone cover?
- hackerone publishes CVEs across 63 distinct vendors, most often HackerOne, Ivanti, Node.js, NextCloud, debian.
- Is hackerone actively publishing CVEs?
- hackerone is currently active, based on 291 CVEs in the last two years.
- What is the average severity of hackerone's CVEs?
- The average CVSS base score across hackerone's scored CVEs is 7.6.
- How many critical CVEs has hackerone published?
- hackerone has published 260 critical-severity CVEs and 873 high-severity CVEs.
- Are any of hackerone's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 27 of hackerone's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in hackerone's CVEs?
- hackerone's CVEs most often map to these CWE weakness types: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-311 (Missing Encryption of Sensitive Data), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-400 (Uncontrolled Resource Consumption).
- How does hackerone rank among CNAs?
- By total CVE volume, hackerone ranks #31 of 370 CNAs, and it reports more complete CVE records than 19% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track hackerone CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.