Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: linkedin
Access to Deactivated LinkedIn Company Pages via Competitor Analytics API
LinkedIn Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2026-03-24
IDOR to make someone attend or leave an event
LinkedIn Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2026-03-06
Blocking a company page admin prevents him from delete paid media admin or edit his roles
LinkedIn Improper Access Control - Generic (CWE-284)
Medium
2026-03-05
Improper Access Control - Access to "Active Hiring" (Premium feature) filter results
LinkedIn Improper Access Control - Generic (CWE-284)
Medium
2026-02-03
Forced OAuth authorization using button ID in hash and holding space
LinkedIn Improper Authentication - Generic (CWE-287)
Medium
2024-12-17
Employee-only Area Bypass
LinkedIn Improper Access Control - Generic (CWE-284)
Medium
2024-02-19
Users can access exams in course without having to subscribe to PREMIUM
LinkedIn Improper Access Control - Generic (CWE-284)
Medium
2024-01-10
CSRF that makes any linkedin user follow attacker controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/*
LinkedIn Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2023-12-06
CSRF that makes any user send invitations to the attacker by simply clicking on a link.
LinkedIn Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2023-12-06
Deny Admin from Editing LinkedIn Company Page using Gen Form Visibility via POST /voyager/api/voyagerOrganizationDashCompanies/{id}
LinkedIn Improper Access Control - Generic (CWE-284)
Medium
2023-10-19
[ADMIN FEATURE ACCESS] Knowing The Competitors analytics of any company
LinkedIn Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2023-10-05
Attackers can create unlimited jobs by paying a low price `( Rp. 10,000 )` from the original lowest price of around **Rp 93,151**
LinkedIn Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2023-09-29
Can VIEW Videos on LinkedIn Learning that Require a Subscription Without having to Subscribe Via `SHARE features`
LinkedIn Privilege Escalation (CAPEC-233)
Medium
2023-09-25
An Attacker Can Flag Draft Job Posts And Can Disclose The Draft Job Posts Details [ Similar to #1581528 Resolved Report]
LinkedIn Business Logic Errors (CWE-840)
Medium
2023-08-24
IDOR allows an attacker to delete anyone's featured photo.
LinkedIn Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2023-08-24
bypass two-factor authentication.
LinkedIn Improper Authentication - Generic (CWE-287)
Medium
2023-08-01
“See who’s interested in working for your company” - security issue
LinkedIn Information Disclosure (CWE-200)
Medium
2023-06-21
Entire database of emails exposed through URN injection
LinkedIn Code Injection (CWE-94)
Medium
2023-05-22
Anyone can view the results of linkedin skill test -if failed to earn a badge or if the badge earned is kept private: both cases results can be viewed
LinkedIn Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2023-05-17
[ Continuation Report from #1814842 ] Can create articles using other users' NewsLetters
LinkedIn Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2023-05-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895