Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,219

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: ibm✕

IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.

IBM Information Disclosure (CWE-200)

High

2026-04-27

Potential Subdomain Takeover on IBM.com domain.

IBM Improper Access Control - Generic (CWE-284)

High

2026-03-24

SQL Injection vulnerability found on ibm.com endpoint

IBM SQL Injection (CWE-89)

Critical

2026-03-12

Path Traversal vulnerability identified on IBM endpoint.

IBM

High

2026-01-12

SQL injection identified on IBM endpoint.

IBM SQL Injection (CWE-89)

Critical

2026-01-07

Remote Code Execution identified on IBM endpoint.

IBM CVE-2025-55182

Critical

2025-12-31

[RCE] Remote Code Execution via React Server Components Vulnerability CVE-2025-55182

IBM Code Injection (CWE-94)CVE-2025-55182

Critical

2025-12-18

Information disclosure identified on IBM endpoint.

IBM Information Disclosure (CWE-200)

Medium

2025-07-08

Path Traversal Vulnerability found on IBM Cloud

IBM Path Traversal (CWE-22)

Critical

2025-05-07

Middleware Authentication Bypass on IBM Portal

IBM Command Injection - Generic (CWE-77)CVE-2025-29927

Critical

2025-05-02

Information disclosure on IBM training service endpoint

IBM Insecure Direct Object Reference (IDOR) (CWE-639)

Unknown

2025-04-29

Weak credentials found in Jenkins endpoint

IBM

Critical

2025-02-05

There is a POST based CSRF issue over IBM endpoint leading to modification of contact information.

IBM Cross-Site Request Forgery (CSRF) (CWE-352)

Medium

2025-02-04

POST based Cross-Site Scripting on IBM research endpoint

IBM Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2025-01-23

Exposed Logs and Bearer Tokens on Test Endpoint

IBM Information Disclosure (CWE-200)

Unknown

2024-12-12

SSRF via host header let access localhost via https://go.dialexa.com

IBM

Medium

2024-10-03

IBM OpenPages vulnerable to exposure of sensitive information

IBM Improper Authentication - Generic (CWE-287)CVE-2024-35151

Medium

2024-10-01

SSRF and secret key disclosure found on Turbonomic endpoint

IBM Server-Side Request Forgery (SSRF) (CWE-918)

High

2024-09-19

SSRF and secret key disclosure found on Turbonomic endpoint

IBM Server-Side Request Forgery (SSRF) (CWE-918)

High

2024-09-19

jazz.net - publicly accessible .svn repositories

IBM LLM06: Sensitive Information Disclosure

Unknown

2024-08-16

Top Weakness Types

Most Active Programs

Program	Reports	Max $
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	439	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	$9,895

Goal Reached Thanks to every supporter — we hit 100%!

Bug Bounty Intelligence