Reports in hyperledger program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network. | $2000.0 |
| 2 | Docker Secret Disclosure via GitHub Actions Cache Poisoning | $2000.0 |
| 3 | Unauthorized packages modification or secrets exfiltration via GitHub actions | $1500.0 |
| 4 | DOS validator nodes of blockchain to block external connections | $1500.0 |
| 5 | Enrolling to a CA that returns an empty response crashes the node process | $500.0 |
| 6 | many commands can be manipulated to delete identities or affiliations | $500.0 |
| 7 | Fix : (Security) Mitigate Path Traversal Bug | $200.0 |
| 8 | RCE vulnerability in Hyperledger Fabric SDK for Java | $200.0 |
| 9 | fix(cmd-socketio-server): mitigate cross site scripting attack #2068 | $100.0 |
| 10 | Vulnerabilities in Endorsement Mechanism of Private Data Related Transactions in Hyperledger Fabric 2.0 | $0.0 |
| 11 | The “payload” Field of Transactions in a Block Reveals the Private Data to All Peers | $0.0 |
| 12 | Vulnerability in Private Data Endorsement Policy Management in Hyperledger Fabric 2.0 | $0.0 |
| 13 | Remote denial of service in HyperLedger Fabric | $0.0 |
| 14 | Corsa Site Scripting Vulnerability (XSS) | $0.0 |
| 15 | Insecure TLS Configuration #3530 | $0.0 |
| 16 | Brute Force of fabric-ca server admin account | $0.0 |
| 17 | fix(security):Path Traversal Bug | $0.0 |
| 18 | Cross Site Scripting Vulnerability in fabric-sdk-py source code | $0.0 |
| 19 | Remote denial of service in HyperLedger Fabric | $0.0 |
| 20 | Relative Path Traversal vulnerability in fabric-private-chaincode | $0.0 |
| 21 | CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data | $0.0 |
| 22 | Dependency confusion in https://github.com/hyperledger/aries-mobile-agent-react-native | $0.0 |
| 23 | [indy_node]POOL_UPGRADE command injection, Trustee Node can execute command in any other Node`s system. | $0.0 |
| 24 | CVE-2023-46132 | $0.0 |
| 25 | Code exec on Github runner via Pull request name | $0.0 |