Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
9
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
open Firebase Database: msdict-dev.firebaseio.com
MobiSystems Ltd. Improper Access Control - Generic (CWE-284)
Medium
2020-01-20
Add store to new partner account without confirming email address.
Shopify Improper Access Control - Generic (CWE-284)
Medium
2020-01-02
Blocked user Git access through CI/CD token
GitLab Improper Access Control - Generic (CWE-284)CVE-2019-15589
Medium
2019-12-13
Container scanning and Dependency scanning report leaked to unauthorized users
GitLab Improper Access Control - Generic (CWE-284)CVE-2019-15591CVE-2017-18269CVE-2017-16997CVE-2018-1000001CVE-2016-10228CVE-2018-18520CVE-2010-4052CVE-2018-16869CVE-2018-18311CVE-2014-3488CVE-2017-12794CVE-2018-1000201
Medium
2019-12-13
GraphQL query "namespace" leaks data
GitLab Improper Access Control - Generic (CWE-284)
Medium
2019-12-03
Able to view Backend Database dur to improper authentication
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Medium
2019-12-02
Thailand - a small number of SMB CCTV footage backup servers were accessible without authentication.
Starbucks Improper Access Control - Generic (CWE-284)
Medium
2019-11-19
Permissive CORS policy trusting arbitrary extensions origin
Superhuman (formerly Grammarly) Improper Access Control - Generic (CWE-284)
Medium
2019-11-06
Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections
Shopify Improper Access Control - Generic (CWE-284)
Medium
2019-10-10
Found Origin IP's Lead To Access To [ Grafana Instance , PgHero Instance [ Can SQL Injection ]
Omise Improper Access Control - Generic (CWE-284)
Medium
2019-10-09
Bypassing push rules via MRs created by Email
GitLab Improper Access Control - Generic (CWE-284)
Medium
2019-10-01
xmlrpc.php file enabled - data.gov
GSA Bounty Improper Access Control - Generic (CWE-284)
Medium
2019-08-19
Previously created sessions continue being valid after MFA activation
Superhuman (formerly Grammarly) Improper Access Control - Generic (CWE-284)
Medium
2019-08-19
Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki
Paragon Initiative Enterprises Improper Access Control - Generic (CWE-284)
Medium
2019-07-29
Custom Field Attributes may be created and updated for customers with Custom Field Trial enabled
HackerOne Improper Access Control - Generic (CWE-284)
Medium
2019-07-05
H1514 Bypass Wholesale account signup restrictions
Shopify Improper Access Control - Generic (CWE-284)
Medium
2019-06-07
securitytemplate.site domain hijack
Ed Improper Access Control - Generic (CWE-284)
Medium
2019-04-15
H1514 Wholesale customer without checkout permission can complete purchases
Shopify Improper Access Control - Generic (CWE-284)
Medium
2019-04-10
Removing a user from a private group doesn't remove him from group's project, if his project's role was changed
GitLab Improper Access Control - Generic (CWE-284)
Medium
2019-04-05
API request signature can be reused with other parameters/data than the original in certain cases
Gatecoin Improper Access Control - Generic (CWE-284)
Medium
2019-02-23
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895