Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: uber
Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII
Uber Insecure Direct Object Reference (IDOR) (CWE-639)
High
2022-04-07
Chain of vulnerabilities in Uber for Business Vouchers program allows for attacker to perform arbitrary charges to victim's U4B payment account
Uber Insecure Direct Object Reference (IDOR) (CWE-639)
High
2021-08-12
API on campus-vtc.com allows access to ~100 Uber users full names, email addresses and telephone numbers.
Uber Information Disclosure (CWE-200)
High
2021-07-08
Request Access for Uber Device Returns Management Platform (https://www.eats-devicereturns.com/request-access/) Bypass Allows Access to PII
Uber Privilege Escalation (CAPEC-233)
High
2021-05-14
Exposed█████████in apk file - devbuilds.uber.com
Uber Information Disclosure (CWE-200)
High
2021-04-09
SQLI on uberpartner.eu leads to exposure of sensitive user data of Uber partners
Uber SQL Injection (CWE-89)
High
2021-03-15
Reflected XSS on https://www.uber.com
Uber
High
2021-03-15
[First 30] Stored XSS on login.uber.com/oauth/v2/authorize via redirect_uri parameter
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-25
Uber employees are sharing information on productforums.google.com
Uber Information Disclosure (CWE-200)
High
2021-02-25
[usuppliers.uber.com] - Server Side Request Forgery via XXE OOB
Uber Server-Side Request Forgery (SSRF) (CWE-918)CVE-2016-0457
High
2021-02-25
Arbitrary File Reading on Uber SSL VPN
Uber Plaintext Storage of a Password (CWE-256)CVE-2019-11510CVE-2019-11542CVE-2019-11539CVE-2019-11538CVE-2019-11508CVE-2019-11540
High
2021-02-25
Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg
Uber Cleartext Transmission of Sensitive Information (CWE-319)
High
2020-04-30
Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter
Uber Information Disclosure (CWE-200)
High
2019-09-09
Chained Bugs to Leak Victim's Uber's FB Oauth Token
Uber Improper Authentication - Generic (CWE-287)
High
2019-01-25
Subdomain takeover at signup.uber.com
Uber Privilege Escalation (CAPEC-233)
High
2019-01-25
Open Redirect on central.uber.com allows for account takeover
Uber Improper Authentication - Generic (CWE-287)
High
2019-01-25
Site-wide CSRF on eats.uber.com
Uber Cross-Site Request Forgery (CSRF) (CWE-352)
High
2018-12-19
Lack of payment type validation in dial.uber.com allows for free rides
Uber Business Logic Errors (CWE-840)
High
2018-11-20
Stored XSS on any page in most Uber domains
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
High
2018-11-20
Possibility to inject a malicious JavaScript code in any file on tags.tiqcdn.com results in a stored XSS on any page in most Uber domains
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
High
2018-11-13
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895