Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,219

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: infogram✕

Memory Corruption via Large Pixels

Infogram Classic Buffer Overflow (CWE-120)

Medium

2024-02-01

Bypass for blind SSRF #281950 and #287496

Infogram Server-Side Request Forgery (SSRF) (CWE-918)

Low

2020-05-24

Bypass to report #280389 [Thinking The issue is not fixed Yet]

Infogram Improper Authentication - Generic (CWE-287)

Medium

2020-02-07

LFI through the MySQL connection

Infogram Information Disclosure (CWE-200)

High

2019-11-12

Stored XSS in infogram.com via language

Infogram Cross-site Scripting (XSS) - Stored (CWE-79)

High

2019-06-22

Privilege escalation allows to use iframe functionality w/o upgrade

Infogram Privilege Escalation (CAPEC-233)

Unknown

2019-06-05

User account blocking by Internal Server error

Infogram

High

2018-12-28

Is the 504 Gateway Time-out error ok?

Infogram Uncontrolled Resource Consumption (CWE-400)

Low

2018-11-28

possibility to create account without username

Infogram Violation of Secure Design Principles (CWE-657)

Medium

2018-10-09

CORS on (ws.infogram.com)

Infogram Improper Access Control - Generic (CWE-284)

Low

2018-10-08

Application Vulnerable to CSRF - Remove Invited user

Infogram Cross-Site Request Forgery (CSRF) (CWE-352)

Medium

2018-05-08

Email notification is not being sent while changing passwords

Infogram Violation of Secure Design Principles (CWE-657)

Low

2018-01-29

No Rate Limit on account deletion request(Leads to huge email flooding/email bombing)

Infogram Violation of Secure Design Principles (CWE-657)

Low

2017-12-12

Bruteforcing Coupons

Infogram

Unknown

2017-12-12

Non Critical Code Quality Bug / Self XSS on Map Editor

Infogram Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2017-12-12

No Rate limit on Password Reset Function

Infogram Improper Authentication - Generic (CWE-287)

Medium

2017-12-12

Javascript Payload reflected Back in Report Embed Code

Infogram Cross-site Scripting (XSS) - Stored (CWE-79)

Low

2017-12-12

New team invitation functionality allows extend team without upgrade

Infogram Privilege Escalation (CAPEC-233)

Medium

2017-12-11

Report Design Critical Stored DOM XSS Vulnerability

Infogram Cross-site Scripting (XSS) - Stored (CWE-79)

Critical

2017-12-08

Server Side Request Forgery on JSON Feed

Infogram Server-Side Request Forgery (SSRF) (CWE-918)

Medium

2017-12-06

Top Weakness Types

Most Active Programs

Program	Reports	Max $
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	439	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	$9,895

Goal Reached Thanks to every supporter — we hit 100%!

Bug Bounty Intelligence