Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: brave
Tor IP leak caused by the PDF Viewer extension in certain situations
Brave Software Information Disclosure (CWE-200)
Medium
2023-08-02
HTML injection in title of reader view
Brave Software Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2023-06-22
Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname
Brave Software Violation of Secure Design Principles (CWE-657)
Medium
2023-06-22
XSS on Brave Today through custom RSS feed
Brave Software Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2023-06-22
Persistent user tracking is possible using window.caches, by avoiding Brave Shields
Brave Software Privacy Violation (CWE-359)
Medium
2023-06-22
S3 Bucket Takeover : brave-apt
Brave Software Improper Access Control - Generic (CWE-284)
Medium
2023-04-26
Open redirect found on account.brave.com
Brave Software Open Redirect (CWE-601)
Medium
2022-06-30
Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS
Brave Software Code Injection (CWE-94)
Medium
2022-06-30
Arbitrary file download due to bad handling of Redirects in WebTorrent
Brave Software Code Injection (CWE-94)
Medium
2022-06-30
Redirecting users to malicious torrent-files/websites using WebTorrent
Brave Software Violation of Secure Design Principles (CWE-657)
Medium
2022-06-30
Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log
Brave Software Cleartext Storage of Sensitive Information (CWE-312)
Medium
2021-08-16
https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529
Brave Software Array Index Underflow (CWE-129)CVE-2017-7529
Medium
2020-12-16
Stored XSS in localhost:* via integrated torrent downloader
Brave Software Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15782
Medium
2019-09-24
There is vulnebility Click Here TO fix
Brave Software Improper Restriction of Authentication Attempts (CWE-307)
Medium
2019-02-19
Field Day With Protocol Handlers
Brave Software
Medium
2018-12-17
Brave allows flash to follow 307 redirects to other origins with arbitrary content-types
Brave Software Violation of Secure Design Principles (CWE-657)
Medium
2018-12-12
Navigation to restricted origins via "Open in new tab"
Brave Software
Medium
2018-10-09
URL spoofing using protocol handlers
Brave Software
Medium
2018-10-04
URL spoofing in Brave for macOS
Brave Software
Medium
2018-10-04
Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS
Brave Software
Medium
2018-09-24
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895