Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: ratelimited
Subdomain takeover in GitLab Pages [george.ratelimited.me]
RATELIMITED
High
2024-08-11
Apache mod_negotiation filename bruteforcing https://api.ratelimited.me
RATELIMITED
Low
2023-08-01
HTTP PUT method is enabled downloader.ratelimited.me
RATELIMITED
High
2022-08-07
Source code disclosure at ███
RATELIMITED Information Disclosure (CWE-200)
High
2020-06-20
Information Disclosure PHPpgAdmin
RATELIMITED Information Disclosure (CWE-200)
None
2020-02-29
Cross Site Request Forgery in auth in https://auth.ratelimited.me/
RATELIMITED Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-02-21
xss in /users/[id]/set_tier endpoint
RATELIMITED Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-01-25
Unrestricted File Upload on https://auth.ratelimited.me
RATELIMITED
Unknown
2019-05-18
Credientals Over GET method in plain Text
RATELIMITED Unprotected Transport of Credentials (CWE-523)
Medium
2019-02-17
Missing Protection Mechanism in Mail Servers allows malicious user to use staff.ratelimited.me email could lead to identity theft.
RATELIMITED Violation of Secure Design Principles (CWE-657)
High
2019-02-02
HTTP PUT method is enabled ratelimited.me
RATELIMITED
Critical
2019-01-29
Line feed injection in get request leads AWS S3 Bucket information disclosure
RATELIMITED Information Disclosure (CWE-200)
Medium
2019-01-14
Local File Download
RATELIMITED Improper Access Control - Generic (CWE-284)
Critical
2019-01-01
Exposure of tinyMCE js source code with plugin version disclosure which can leads to exploit further attacks.
RATELIMITED Information Disclosure (CWE-200)
Low
2018-12-29
Open Directory
RATELIMITED Information Exposure Through Directory Listing (CWE-548)
Medium
2018-12-24
Server Header disclose The Os and Web server Version
RATELIMITED Violation of Secure Design Principles (CWE-657)
Unknown
2018-12-22
Hackerone1
RATELIMITED HTTP Request Smuggling (CWE-444)
High
2018-12-21
Editable Wiki repo by anyone
RATELIMITED Violation of Secure Design Principles (CWE-657)
Low
2018-12-20
Apache Version Disclosure Through Directory Indexing
RATELIMITED Information Exposure Through an Error Message (CWE-209)
Medium
2018-12-15
Information Disclosure on https://theendlessweb.com/
RATELIMITED Information Disclosure (CWE-200)
Unknown
2018-12-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895