Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: rubygems
Memory leak in gem decode logic can allow attacker to take down Rubygems.org application
RubyGems Uncontrolled Resource Consumption (CWE-400)
Medium
2026-04-09
Server-side ReDoS via user-controlled regex in OIDC Access Policy
RubyGems Uncontrolled Resource Consumption (CWE-400)
Unknown
2026-03-26
`/names.nsf` and all `/names*` files route to public API on rubygems.org
RubyGems Improper Access Control - Generic (CWE-284)
None
2025-05-03
Host Header Attac
RubyGems
Medium
2025-02-08
Bundler's RCE with response using Marshal
RubyGems Deserialization of Untrusted Data (CWE-502)
Unknown
2024-03-12
Possibility to guess email address from gravatar image URL
RubyGems Inadequate Encryption Strength (CWE-326)
Low
2023-09-14
Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs
RubyGems Open Redirect (CWE-601)
Medium
2021-12-19
Delete directory using symlink when decompressing tar
RubyGems Path Traversal (CWE-22)CVE-2019-8320
Medium
2019-04-11
Unpacker improperly validates symlinks, allowing gems writes to arbitrary locations
RubyGems Path Traversal (CWE-22)
Medium
2018-12-31
DNS SRV lookup of file:// sources enables local hijacking of gems
RubyGems Path Traversal (CWE-22)
High
2018-12-11
Cross-Domain JavaScript Source File Inclusion
RubyGems Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2018-12-10
Request Hijacking Vulnerability in RubyGems 2.6.13 and earlier
RubyGems Command Injection - Generic (CWE-77)CVE-2017-0902
Low
2018-12-08
65534 times efficient, Brute-force attack for api_key
RubyGems
Low
2018-12-08
Malware in `active-support` gem
RubyGems Command Injection - Generic (CWE-77)CVE-2018-3779
Critical
2018-08-09
Gem signature forgery
RubyGems Cryptographic Issues - Generic (CWE-310)
Medium
2018-08-03
Installer can modify other gems if gem name is specially crafted
RubyGems Path Traversal (CWE-22)
Medium
2018-03-22
Negative size in tar header causes infinite loop
RubyGems Uncontrolled Resource Consumption (CWE-400)
Low
2018-03-01
[gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec
RubyGems Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-02-22
RCE,SQL,Vulnerability + Exploit Method.
RubyGems Command Injection - Generic (CWE-77)
Unknown
2018-02-08
Host Header Injection/Redirection
RubyGems Violation of Secure Design Principles (CWE-657)
None
2018-02-08
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895