Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,250
CVE-linked
1,864
Programs
343
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Denial of Service via `__proto__` header name in `req.headersDistinct` (Uncaught `TypeError` crashes Node.js process)
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2026-21710
High
2026-03-30
Economic DoS (Griefing) on IBC Relayers via `memo` Callback Gas Exploitation
Cosmos Uncontrolled Resource Consumption (CWE-400)
High
2025-12-18
Denial of Service (DoS) vulnerability in dedotdotify() URL path normalization
curl Uncontrolled Resource Consumption (CWE-400)
High
2025-12-13
Application Level DoS - Large Markdown Payload in Reply Section Leading to Resource Exhaustion
Discourse Uncontrolled Resource Consumption (CWE-400)
High
2025-10-18
WebSocket Fragmentation DoS on Curl Client
curl Uncontrolled Resource Consumption (CWE-400)
High
2025-08-19
Crafted smart contract can take 8 minutes to execute due to bug in modexp precompile.
Rootstock Labs Uncontrolled Resource Consumption (CWE-400)
High
2025-06-13
DOS of RSKJ server
Rootstock Labs Uncontrolled Resource Consumption (CWE-400)
High
2025-06-13
[CVE-2025-27220] ReDoS in CGI::Util#escapeElement
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2025-27220
High
2025-04-30
Remote memory exhaustion in Epee RPC stack under zero Receive Window
Monero Uncontrolled Resource Consumption (CWE-400)
High
2025-04-23
Unauthenticated WordPress Database Repair DoS
WordPress Uncontrolled Resource Consumption (CWE-400)
High
2024-10-18
CVE-2024-34750 Apache Tomcat DoS vulnerability in HTTP/2 connector
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-34750
High
2024-07-05
Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-27983
High
2024-04-29
Denial of Service caused by HTTP/2 CONTINUATION Flood
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-24549
High
2024-04-22
"Assertion failed" in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2024-27983
High
2024-04-08
http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-22019
High
2024-03-05
http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2024-22019
High
2024-02-15
ReDoS( Ruby, Time)
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2023-28756
High
2023-04-26
DOS via issue preview
GitLab Uncontrolled Resource Consumption (CWE-400)
High
2022-11-04
Deny of service via malicious Content-Type
Fastify Uncontrolled Resource Consumption (CWE-400)CVE-2022-39288
High
2022-10-10
Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs
Cloudflare Public Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-2529
High
2022-09-30
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl459
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239