Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,220
CVE-linked
1,854
Programs
342
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Reflected Cross Site Script in imtportal.gm.com
General Motors Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-06-09
XSS Vulnerability in developer.gm.com
General Motors Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-06-09
Reflected XSS and something more Store XSS too
General Motors Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-06-09
IE search XSS
General Motors Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-06-09
Reflected XSS on teavana.com (Locale-Change)
Starbucks Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-06-09
DOM XSS vulnerability in search dialogue (NC-SA-2017-007)
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2017-0890
Low
2017-06-07
Stored XSS in Gallery application (NC-SA-2017-010)
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2017-0893
Low
2017-06-06
Flash XSS on homepage fliptilescroller
General Motors Cross-site Scripting (XSS) - Generic (CWE-79)
None
2017-06-05
Flash XSS on Buick_RotatingMasthead_JellyBeanSlider.swf
General Motors Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-06-05
Self-XSS can be achieved in the editor link using filter bypass
Weblate Cross-site Scripting (XSS) - Generic (CWE-79)
None
2017-06-02
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-01
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-01
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-06-01
XSS in $shop$.myshopify.com/admin/ via twine template injection in "Shopify.API.Modal.input" method when using a malicious app
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
High
2017-06-01
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-01
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-31
Stored XSS vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-05-31
Stored XSS in Adress Book (starbucks.com/account/profile)
Starbucks Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-31
XSS at in instacart.com/store/partner_recipe
Instacart Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-30
HTML injection in Desktop Client
ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-23
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895