Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,220
CVE-linked
1,854
Programs
342
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS in Satisfaction Surveys via "Ask Reason for Dissatisfaction" option
Lark Technologies Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-02-23
Stored xss in larksuite internal helpdesk and other user's helpdesk.
Lark Technologies Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-02-19
Stored XSS in markdown file with Nextcloud Talk using Internet Explorer
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2020-8294
Low
2021-02-19
Second Order XSS via █████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-02-18
Stored XSS in wordpress.com
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-17
Stored XSS in Intense Debate comment system
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-14
XSS в обработчике ссылок
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-02-11
Stored XSS в выборе метки на странице списка заказов.
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2021-02-11
Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-10
Stored XSS at https://www.█████████.mil
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-01
Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-01-25
XSS in message attachment fileds.
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2020-8288
Critical
2021-01-17
[dy-server2] - stored Cross-Site Scripting
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-01-14
Stored XSS on the job page
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-01-08
Bypass extension check leads to stored XSS at https://s2.booth.pm
pixiv Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-01-08
Stored XSS on oslo.io in notifications via project name change
Logitech Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-01-05
Stored XSS in [https://streamlabs.com/dashboard#/*goal] pages
Logitech Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-12-26
XSS through image upload of contacts using svg file with png extension
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2020-8280
Low
2020-12-26
Blind XSS on image upload
CS Money Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2020-12-26
Stored XSS at "Conditions " through "My Custom Rule" Field at [https://my.stripo.email/cabinet/#/template-editor/] in Template Editor.
Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-12-24
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258 $1,730
X / xAI250 $2,500
Uber239 $9,895