--- http_interactions: - request: method: get uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__lt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=new body: encoding: US-ASCII string: '' headers: Authorization: - Basic == User-Agent: - Faraday v1.3.0 Accept-Encoding: - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 Accept: - "*/*" response: status: code: 200 message: OK headers: Date: - Tue, 26 Jan 2021 01:59:08 GMT Content-Type: - application/json; charset=utf-8 Transfer-Encoding: - chunked Connection: - keep-alive Set-Cookie: - __cfduid=d1825b95f694de8ff5c78cb985c261f491611626346; expires=Thu, 25-Feb-21 01:59:06 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure X-Request-Id: - 3d4375bc-4de0-4760-85b8-003b3e09420d Etag: - W/"f33bd1b1c69b6617410c264d74fffa56" Cache-Control: - max-age=0, private, must-revalidate Strict-Transport-Security: - max-age=31536000; includeSubDomains; preload X-Frame-Options: - DENY X-Content-Type-Options: - nosniff X-Xss-Protection: - 1; mode=block X-Download-Options: - noopen X-Permitted-Cross-Domain-Policies: - none Referrer-Policy: - strict-origin-when-cross-origin Expect-Ct: - enforce, max-age=86400 Content-Security-Policy: - 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net; font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src ''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline''; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d' Cf-Cache-Status: - DYNAMIC Cf-Request-Id: - 07de0391de0000fda912ab2000000001 Server: - cloudflare Cf-Ray: - 6176a1fc9fcefda9-PDX body: encoding: ASCII-8BIT string: '{"data":[{"id":"440362","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-13T23:01:55.070Z","vulnerability_information":"gewewg\n\n## Impact\n\ngwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-13T23:01:55.139Z","first_program_activity_at":"2016-11-13T23:01:55.139Z","last_program_activity_at":"2016-11-13T23:01:55.139Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-13T23:01:55.139Z","last_activity_at":"2016-11-13T23:05:46.933Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"240715","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-13T23:01:55.102Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer Underflow","description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434162","type":"report","attributes":{"title":"fewew","state":"new","created_at":"2016-11-05T02:24:29.286Z","vulnerability_information":"fewfew\n\n## Impact\n\nfewfwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-05T02:24:29.343Z","first_program_activity_at":"2016-11-05T02:24:29.343Z","last_program_activity_at":"2016-11-05T02:24:29.343Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"abc","last_public_activity_at":"2016-11-05T02:24:29.343Z","last_activity_at":"2016-11-13T23:14:58.672Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234626","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-05T02:24:29.316Z"}}},"weakness":{"data":{"id":"73","type":"weakness","attributes":{"name":"Phishing","description":"Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or \"fishing\" for information.","external_id":"capec-98","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434100","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-04T20:11:35.887Z","vulnerability_information":"gewgew\n\n## Impact\n\ngwegwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T20:11:36.005Z","first_program_activity_at":"2016-11-04T20:11:36.005Z","last_program_activity_at":"2016-11-04T20:11:36.005Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T20:11:36.005Z","last_activity_at":"2016-11-04T20:11:37.381Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234571","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T20:11:35.963Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434096","type":"report","attributes":{"title":"Testing","state":"new","created_at":"2016-11-04T19:50:18.883Z","vulnerability_information":"lfkjewjl\n\n## Impact\n\nflejwljkwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T19:50:18.960Z","first_program_activity_at":"2016-11-04T19:50:18.960Z","last_program_activity_at":"2016-11-04T19:50:18.960Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T19:50:18.960Z","last_activity_at":"2016-11-04T19:50:18.960Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234568","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T19:50:18.923Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15939","type":"structured-scope","attributes":{"asset_type":"HARDWARE","asset_identifier":"GitHub Enterprise","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"GitHub Enterprise is the on-premises version of GitHub. GitHub Enterprise shares a code-base with GitHub.com, is built on Ruby on Rails and leverages a number of open source technologies.\n\nGitHub Enterprise adds a number of features for enterprise infrastructures. This includes additional authentication backends and clustering options. Below is a subset of features unique to GitHub Enterprise that might be interesting to investigate.\n\n- Instance-wide authentication ([*private mode*](https://help.github.com/enterprise/admin/guides/installation/enabling-private-mode/))\n- External authentication backends including [CAS, LDAP, and SAML](https://help.github.com/enterprise/admin/guides/user-management/)\n- In-app administration of the instance using a site administrator control panel\n- [User, organization, and repository migration](https://help.github.com/enterprise/admin/guides/migrations/)\n- [Web-based management console](https://help.github.com/enterprise/admin/guides/installation/web-based-management-console/) and [SSH access](https://help.github.com/enterprise/admin/guides/installation/administrative-shell-ssh-access/) to configure and update the instance\n- [Pre-receive hook scripts](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/)\n\nYou can request a trial of GitHub Enterprise for security testing at [https://enterprise.github.com/bounty](https://enterprise.github.com/bounty).\n\n- Resources and features provided by the latest patch release of each non-deprecated version of the GitHub Enterprise virtual machine. Major versions of GitHub Enterprise are deprecated one year after release. For more information see [this list of releases](https://enterprise.github.com/releases/).\n- All listening services hosted on a GitHub Enterprise instance. See [our documentation](https://help.github.com/enterprise/admin/guides/installation/network-ports-to-open/) for a reference of ports typically opened on a GitHub Enterprise instance.\n- Code de-obfuscation may be explored to further investigate GitHub Enterprise, but only for the purpose of the bounty program. Bounty hunters still need to abide by all of our other Bounty program rules and terms and the applicable software license terms.\n\nIneligible submissions:\n- Vulnerabilities caused by lack of subdomain isolation\n- Escalation to the root user via sudo\n- Bypassing source code de-obfuscation\n","max_severity":"critical","created_at":"2016-10-29T20:48:48.915Z","updated_at":"2016-10-29T20:48:48.915Z","reference":""}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"430397","type":"report","attributes":{"title":"Demo report: XSS in GitHub test home page","state":"new","created_at":"2016-10-29T18:07:20.617Z","vulnerability_information":"In some ***fantasy world***, the home page of GitHub test is vulnerable to an *imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2. Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability allows us to run an external script on your website that for example steals the cookies of the users that''s facing the XSS and thus gaining access to the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-01T18:07:30.449Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-01T18:07:30.449Z","last_activity_at":"2016-11-01T18:07:30.449Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"170761","type":"user","attributes":{"username":"philipturnbull","name":"Phil Turnbull","disabled":false,"created_at":"2017-05-24T18:37:20.644Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9VWTI5dFltbHVaVjl2Y0hScGIyNXpld2c2REdkeVlYWnBkSGxKSWd0RFpXNTBaWElHT2daRlZEb0xjbVZ6YVhwbFNTSU5NVEV3ZURFeE1GNEdPd2RVT2dsamNtOXdTU0lRTVRFd2VERXhNQ3N3S3pBR093ZFUiLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--955e4ecf4dcd6b5873333833a7d869bd60c7dd7b/45588_orig.jpeg","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/45588_orig.jpeg"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array Index Underflow","description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425480","type":"report","attributes":{"title":"greg","state":"new","created_at":"2016-10-18T20:05:44.316Z","vulnerability_information":"gregr\n\n## Impact\n\ngregre","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T20:05:44.403Z","first_program_activity_at":"2016-10-18T20:05:44.403Z","last_program_activity_at":"2016-10-18T20:05:44.403Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T20:05:44.403Z","last_activity_at":"2016-10-18T20:08:09.264Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225991","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T20:05:44.360Z"}}},"weakness":{"data":{"id":"9","type":"weakness","attributes":{"name":"Buffer Over-read","description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.","external_id":"cwe-126","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425470","type":"report","attributes":{"title":"htht","state":"new","created_at":"2016-10-18T19:13:48.758Z","vulnerability_information":"htrhtr\n\n## Impact\n\nhrthht","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T19:13:48.849Z","first_program_activity_at":"2016-10-18T19:13:48.849Z","last_program_activity_at":"2016-10-18T19:13:48.849Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T19:13:48.849Z","last_activity_at":"2016-10-18T19:13:51.079Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225980","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T19:13:48.798Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer Under-read","description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425425","type":"report","attributes":{"title":"fewfewfew","state":"new","created_at":"2016-10-18T17:02:37.361Z","vulnerability_information":"fwefawefe\n\n## Impact\n\nfewfewfew","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2019-09-19T05:23:10.079Z","first_program_activity_at":"2016-10-18T17:02:37.427Z","last_program_activity_at":"2019-09-19T05:24:01.166Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2019-09-19T05:24:01.166Z","last_activity_at":"2019-09-19T05:24:01.166Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"519534","type":"severity","attributes":{"rating":"low","author_type":"Team","user_id":516261,"created_at":"2019-09-19T05:24:01.145Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer Underflow","description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425399","type":"report","attributes":{"title":"htehre","state":"new","created_at":"2016-10-18T15:34:27.207Z","vulnerability_information":"hrehreh\n\n## Impact\n\nhreherrehrhh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T15:34:27.260Z","first_program_activity_at":"2016-10-18T15:34:27.260Z","last_program_activity_at":"2016-10-18T15:34:27.260Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T15:34:27.260Z","last_activity_at":"2016-10-18T15:35:58.276Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225912","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T15:34:27.234Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer Underflow","description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425184","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-10-17T23:23:07.652Z","vulnerability_information":"htrhrt\n\n## Impact\n\nhtrhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-17T23:23:07.736Z","first_program_activity_at":"2016-10-17T23:23:07.736Z","last_program_activity_at":"2016-10-17T23:23:07.736Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-17T23:23:07.736Z","last_activity_at":"2016-10-17T23:26:41.323Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225660","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-17T23:23:07.689Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer Under-read","description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"424694","type":"report","attributes":{"title":"gregre","state":"new","created_at":"2016-10-16T16:16:11.476Z","vulnerability_information":"gregregre\n\n## Impact\n\ngregerg","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-16T16:16:11.543Z","first_program_activity_at":"2016-10-16T16:16:11.543Z","last_program_activity_at":"2016-10-16T16:16:11.543Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-16T16:16:11.543Z","last_activity_at":"2016-10-16T16:16:46.459Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225129","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-16T16:16:11.512Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer Under-read","description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415344","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-09-27T16:32:05.063Z","vulnerability_information":"thrhtrhtr\n\n## Impact\n\nthrrthtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T16:32:05.126Z","first_program_activity_at":"2016-09-27T16:32:05.126Z","last_program_activity_at":"2016-09-27T16:32:05.126Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"12","last_public_activity_at":"2016-09-27T16:32:05.126Z","last_activity_at":"2016-09-27T17:12:54.153Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215876","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T16:32:05.095Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute Force","description":"The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415144","type":"report","attributes":{"title":"htrh","state":"new","created_at":"2016-09-27T01:00:56.238Z","vulnerability_information":"hhtrhrt\n\n## Impact\n\nhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T01:00:56.317Z","first_program_activity_at":"2016-09-27T01:00:56.317Z","last_program_activity_at":"2016-09-27T01:01:24.428Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T01:01:24.428Z","last_activity_at":"2016-09-27T01:01:25.509Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":28,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215668","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T01:00:56.277Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array Index Underflow","description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415133","type":"report","attributes":{"title":"k78k87","state":"new","created_at":"2016-09-26T23:51:35.228Z","vulnerability_information":"k87k87k87\n\n## Impact\n\nk8787kk7k7k78likuj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T23:51:35.299Z","first_program_activity_at":"2016-09-26T23:51:35.299Z","last_program_activity_at":"2016-09-27T00:05:08.131Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T00:05:08.131Z","last_activity_at":"2016-09-27T00:05:08.723Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":812,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215658","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-26T23:51:35.266Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array Index Underflow","description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415035","type":"report","attributes":{"title":"greergregreg","state":"new","created_at":"2016-09-26T19:49:53.207Z","vulnerability_information":"ergrgre\n\n## Impact\n\ngregreer","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T19:49:53.410Z","first_program_activity_at":"2016-09-26T19:49:53.410Z","last_program_activity_at":"2016-09-26T19:53:19.020Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-26T19:53:19.020Z","last_activity_at":"2016-09-26T19:53:20.310Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":205,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215530","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-26T19:49:53.250Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute Force","description":"The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412631","type":"report","attributes":{"title":"jt","state":"new","created_at":"2016-09-22T00:33:43.979Z","vulnerability_information":"yjt\n\n## Impact\n\ntyj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:33:44.071Z","first_program_activity_at":"2016-09-22T00:33:44.071Z","last_program_activity_at":"2016-09-22T00:33:56.364Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:33:56.364Z","last_activity_at":"2016-09-22T00:33:57.403Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213177","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:33:44.028Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer Under-read","description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412630","type":"report","attributes":{"title":"hfg","state":"new","created_at":"2016-09-22T00:32:25.134Z","vulnerability_information":"ghgfh\n\n## Impact\n\nhgfgfh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:32:25.284Z","first_program_activity_at":"2016-09-22T00:32:25.284Z","last_program_activity_at":"2016-09-22T00:32:25.284Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:32:25.284Z","last_activity_at":"2016-09-22T00:32:25.284Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213176","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:32:25.185Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer Underflow","description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412629","type":"report","attributes":{"title":"hfghgfh","state":"new","created_at":"2016-09-22T00:31:06.361Z","vulnerability_information":"hfghfg\n\n## Impact\n\nhgfgh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:31:06.480Z","first_program_activity_at":"2016-09-22T00:31:06.480Z","last_program_activity_at":"2016-09-22T00:31:21.708Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:31:21.708Z","last_activity_at":"2016-09-22T00:31:23.038Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213175","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:31:06.427Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer Underflow","description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412628","type":"report","attributes":{"title":"fgdgfdfgd","state":"new","created_at":"2016-09-22T00:29:45.651Z","vulnerability_information":"gfdgfdfggfd\n\n## Impact\n\nfgdfgdfgdfgd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:29:45.767Z","first_program_activity_at":"2016-09-22T00:29:45.767Z","last_program_activity_at":"2016-09-22T00:30:17.747Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:30:17.747Z","last_activity_at":"2016-09-22T00:30:18.925Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213174","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:29:45.705Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer Underflow","description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412553","type":"report","attributes":{"title":"fgdfgdfgd","state":"new","created_at":"2016-09-21T19:00:54.504Z","vulnerability_information":"gfdgfdfgd\n\n## Impact\n\nfgdgfd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T19:00:54.614Z","first_program_activity_at":"2016-09-21T19:00:54.614Z","last_program_activity_at":"2016-09-22T00:28:56.690Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:28:56.690Z","last_activity_at":"2016-09-22T00:28:58.458Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":17945,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213079","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-21T19:00:54.556Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute Force","description":"The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411276","type":"report","attributes":{"title":"Demo report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T22:37:10.591Z","vulnerability_information":"In some ***fantasy world***, the home page of GitHub test is vulnerable to an *imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2. Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability allows us to run an external script on your website that for example steals the cookies of the users that''s facing the XSS and thus gaining access to the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T22:37:12.860Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T22:37:12.860Z","last_activity_at":"2016-09-21T22:37:12.860Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array Index Underflow","description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411263","type":"report","attributes":{"title":"Demo report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T21:17:14.574Z","vulnerability_information":"In some ***fantasy world***, the home page of GitHub test is vulnerable to an *imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2. Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability allows us to run an external script on your website that for example steals the cookies of the users that''s facing the XSS and thus gaining access to the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T21:17:28.659Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T21:17:28.659Z","last_activity_at":"2016-09-21T21:17:28.659Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array Index Underflow","description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"391124","type":"report","attributes":{"title":"HACK FOUND","state":"new","created_at":"2016-08-07T00:13:41.128Z","vulnerability_information":"YOU HAVE BEEN HACKED LOLOLOLOL\n\n## Impact\n\nHACK YOU","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-07T00:13:41.292Z","first_program_activity_at":"2016-08-07T00:13:41.292Z","last_program_activity_at":"2016-08-07T00:13:41.292Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-07T00:13:41.292Z","last_activity_at":"2016-08-07T00:13:41.292Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"bio":"Application Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"192505","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":291079,"created_at":"2016-08-07T00:13:41.194Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute Force","description":"The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"389780","type":"report","attributes":{"title":"Demo report: XSS in GitHub test home page","state":"new","created_at":"2016-08-02T21:24:11.500Z","vulnerability_information":"In some ***fantasy world***, the home page of GitHub test is vulnerable to an *imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2. Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability allows us to run an external script on your website that for example steals the cookies of the users that''s facing the XSS and thus gaining access to the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-05T21:24:26.989Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-05T21:24:26.989Z","last_activity_at":"2016-08-05T21:24:26.989Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":"2016-09-14T21:24:11.500Z","timer_first_program_response_miss_at":"2016-08-03T21:24:11.500Z","timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":"2016-09-14T21:24:11.500Z","timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":"2016-08-06T21:24:11.500Z","timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"signal":null,"impact":null,"reputation":null,"bio":"Application Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array Index Underflow","description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}}],"links":{}}' recorded_at: Tue, 26 Jan 2021 01:59:08 GMT recorded_with: VCR 6.0.0