Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
9
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: ruby
ReDoS in IPAddr
Ruby
Unknown
2025-07-08
ReDoS in Psych
Ruby
Unknown
2025-07-08
Uncontrolled Resource Consumption when parsing maliciously crafted XML with REXML
Ruby Uncontrolled Resource Consumption (CWE-400)CVE-2024-43398
Medium
2025-02-20
RCE by parsing `.rdoc_options` in RDoc
Ruby Code Injection (CWE-94)CVE-2024-27281
Unknown
2024-07-03
The taint flag is not propagated at JSON.parse
Ruby
Unknown
2024-01-05
DoS in bigdecimal's sqrt function due to miscalculation of loop iterations
Ruby Uncontrolled Resource Consumption (CWE-400)
Medium
2023-12-20
URI parser's RFC3986 regular expression has poor performance when there are two # characters, leading to ReDoS
Ruby CVE-2023-28755
Medium
2023-12-13
XMLRPC does not limit deserializable classes.
Ruby Deserialization of Untrusted Data (CWE-502)
High
2023-08-01
heap-buffer-overflow in gc_writebarrier_incremental
Ruby Heap Overflow (CWE-122)
None
2023-07-19
RDoc::MethodAttr is vulnerable to Regular Expression Denial of Service (ReDoS)
Ruby Uncontrolled Resource Consumption (CWE-400)
Low
2023-07-18
Arbitrary file injection via symlink attack in rdoc generator
Ruby Resource Injection (CWE-99)
None
2023-07-18
XSS exploit of RDoc documentation generated by rdoc
Ruby Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2013-0256
Medium
2023-07-18
XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
Ruby Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2013-0256
Medium
2023-07-18
Stored XSS in RDoc hyperlinks through javascript scheme
Ruby Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2023-07-18
XSS in HTML generated by RDoc
Ruby Cross-site Scripting (XSS) - Stored (CWE-79)
Unknown
2023-07-18
ReDoS in Time.rfc2822
Ruby CVE-2023-28756
Unknown
2023-05-16
Header CRLF Injection in Ruby Net::HTTP
Ruby CRLF Injection (CWE-93)
None
2023-05-04
Attacker can smuggle a malicious domain in a URI object.
Ruby Open Redirect (CWE-601)
Unknown
2022-12-13
CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装
Ruby HTTP Response Splitting (CWE-113)CVE-2021-33621
Low
2022-11-24
RubyのCGIライブラリにHTTPレスポンス分割(HTTPヘッダインジェクション)があり、秘密情報が漏洩する
Ruby HTTP Response Splitting (CWE-113)CVE-2021-33621CVE-2019-16254
High
2022-11-24
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895