Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: liberapay
another liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link
Liberapay Open Redirect (CWE-601)
None
2026-05-09
Liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link
Liberapay Open Redirect (CWE-601)
Unknown
2026-05-09
Unsafe yaml load can lead to remote code execution
Liberapay Deserialization of Untrusted Data (CWE-502)
Low
2024-05-04
Avatar URL is exposed in patron export for secret donations
Liberapay Privacy Violation (CWE-359)
Medium
2023-12-15
Password Reset Token Leak Via Referrer
Liberapay Information Disclosure (CWE-200)
Medium
2023-11-23
Twitter account hijack @Costalfy
Liberapay Phishing (CAPEC-98)
Low
2023-09-27
Disavowed an email without any authentication
Liberapay Improper Access Control - Generic (CWE-284)
Medium
2023-07-31
Email Address Exposure via Gratipay Migration Tool
Liberapay Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2022-10-09
Disavowing an account doesn't disable it
Liberapay Improper Authentication - Generic (CWE-287)
Low
2021-05-07
Login CSRF : Login Authentication Flaw on https://liberapay.com/
Liberapay Phishing (CAPEC-98)
Low
2021-04-05
Failure to Invalid Session after Password Change
Liberapay Violation of Secure Design Principles (CWE-657)
Low
2021-03-12
Reauthentication for changing password bypass
Liberapay Improper Authentication - Generic (CWE-287)
Low
2020-12-23
Leaking Of Sensitive Information on Github
Liberapay Information Disclosure (CWE-200)
Low
2020-04-03
Private target account appears in search results
Liberapay Privacy Violation (CWE-359)
None
2019-11-06
Invalidate session after password reset
Liberapay Violation of Secure Design Principles (CWE-657)
Low
2019-11-05
Full Path disclosure on 500 error
Liberapay Information Disclosure (CWE-200)
Low
2019-10-05
Session Cookie without HttpOnly and secure flag set
Liberapay Violation of Secure Design Principles (CWE-657)
None
2019-02-21
User Enumeration
Liberapay
Low
2019-01-05
Publicly editable GitHub wikis
Liberapay Improper Access Control - Generic (CWE-284)
High
2018-12-12
Import of repositories from GitHub is tied to username instead of immutable ID
Liberapay Improper Access Control - Generic (CWE-284)
Low
2018-12-02
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895