Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Document content of files can be obtained through Collabora for files of other users
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-25150
Medium
2023-05-04
Hide download previews are accessible without a watermark
Nextcloud Improper Access Control - Generic (CWE-284)
Low
2023-05-04
Unauthenticated cache purging
Fastly VDP Improper Access Control - Generic (CWE-284)
None
2023-05-01
Cache purge requests are not authenticated
Fastly VDP Improper Access Control - Generic (CWE-284)
None
2023-05-01
S3 Bucket Takeover "brave-browser-rpm-staging-release-test"
Brave Software Improper Access Control - Generic (CWE-284)
Unknown
2023-04-26
S3 Bucket Takeover : brave-apt
Brave Software Improper Access Control - Generic (CWE-284)
Medium
2023-04-26
Improper Access Control - Generic
Rocket.Chat Improper Access Control - Generic (CWE-284)CVE-2023-28316
Low
2023-04-25
File Read Vulnerability allows Attackers to Compromise S3 buckets using Prow
Kubernetes Improper Access Control - Generic (CWE-284)
Medium
2023-04-25
Authentication bypass on gist.github.com through SSH Certificates
GitHub Improper Access Control - Generic (CWE-284)CVE-2023-23761
High
2023-04-20
Reentrancy attack in eth-monero atomic swap
Monero Improper Access Control - Generic (CWE-284)
Unknown
2023-04-20
A malicious actor could rotate tokens of a victim, given that he knows the victim's token ID
Cloudflare Public Bug Bounty Improper Access Control - Generic (CWE-284)
High
2023-04-13
Can delete other user's post and company page post
LinkedIn Improper Access Control - Generic (CWE-284)
Unknown
2023-04-11
Full Passcode bypass on Nextcloud App iOS
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-28647
Low
2023-04-10
Secure view trivial to bypass
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-28645
Medium
2023-03-30
Debugging panel exposure
LY Corporation Improper Access Control - Generic (CWE-284)
Low
2023-03-28
Accessing unauthorized administration pages and seeing admin password - speakerkit.state.gov
U.S. Department of State Improper Access Control - Generic (CWE-284)
High
2023-03-25
Chat room member disclosure via autocomplete API
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-28845
Medium
2023-03-25
Improper Access Control on Media Wiki allows an attackers to restart installation on DoD asset
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Medium
2023-03-24
Scope information is leaked when visiting policy scopes tab of any External Program
HackerOne Improper Access Control - Generic (CWE-284)
Medium
2023-03-10
Attacker is able to query Github repositories of arbitrary Shopify Hydrogen Users
Shopify Improper Access Control - Generic (CWE-284)
Low
2023-03-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895