Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Long filenames cause OOM and temp files are not cleaned
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2019-11048
Medium
2020-10-10
Denial of Service | twitter.com & mobile.twitter.com
X / xAI Uncontrolled Resource Consumption (CWE-400)
Medium
2020-09-02
[json-bigint] DoS via `__proto__` assignment
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2020-8237
High
2020-08-25
Prototype pollution attack (lodash)
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
Medium
2020-08-25
Prototype Pollution lodash 4.17.15
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
High
2020-08-21
Denial-of- service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header
Automattic Uncontrolled Resource Consumption (CWE-400)
Medium
2020-08-14
[wappalyzer] ReDoS allows an attacker to completely break Wappalyzer
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
High
2020-08-06
Memory Leak in OCUtil.dll library in Desktop client can lead to DoS
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2020-8229
Medium
2020-08-06
[is-my-json-valid] ReDoS via 'style' format
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
High
2020-07-31
Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2020-8192
Medium
2020-07-29
Untrusted users able to run pending migrations in production
Ruby on Rails Uncontrolled Resource Consumption (CWE-400)CVE-2020-8185
Medium
2020-07-24
Denial of Service [Chrome]
X / xAI Uncontrolled Resource Consumption (CWE-400)
Medium
2020-07-24
DoS for client-go jsonpath func
Kubernetes Uncontrolled Resource Consumption (CWE-400)
Low
2020-07-24
"Self" DOS with large deployment and scaling
Kubernetes Uncontrolled Resource Consumption (CWE-400)
Low
2020-07-23
Node disk DOS by writing to container /etc/hosts
Kubernetes Uncontrolled Resource Consumption (CWE-400)CVE-2020-8557
Medium
2020-07-22
Malformed HTTP/2 SETTINGS frame leads to reachable assert
Node.js Uncontrolled Resource Consumption (CWE-400)
Critical
2020-07-03
Node.js HTTP/2 Large Settings Frame DoS
Node.js Uncontrolled Resource Consumption (CWE-400)
Low
2020-07-02
disable test send feature if user's email address isn't verified
Courier Uncontrolled Resource Consumption (CWE-400)
High
2020-06-30
xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php
U.S. Dept Of Defense Uncontrolled Resource Consumption (CWE-400)
Medium
2020-06-25
Uploading large payload on domain instructions causes server-side DoS
HackerOne Uncontrolled Resource Consumption (CWE-400)
Medium
2020-06-20
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895