Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: curl
Free of uninitialized pointer in doh_decode_rdata_name()
curl Use After Free (CWE-416)
Unknown
2025-06-28
Improper Restriction of Authentication Attempts in cURL
curl Improper Restriction of Authentication Attempts (CWE-307)
Critical
2025-06-28
Stack Buffer Overflow in curl's OpenSSL Provider Handling
curl Stack Overflow (CWE-121)
Medium
2025-06-28
OS Command Injection in scripts/firefox-db2pem.sh via untrusted certificate nicknames
curl OS Command Injection (CWE-78)
High
2025-06-28
Failure to strip Proxy-Authorization header on change in origin
curl Information Disclosure (CWE-200)
Medium
2025-06-27
Arbitrary File Read via Unsanitized curl Usage Results in Sensitive File Exposure
curl External Control of File Name or Path (CWE-73)
None
2025-06-27
Credential leak on redirect due to improper state clearing when parsing macdef in netrc.c
curl Information Exposure Through Sent Data (CWE-201)CVE-2024-11053
Low
2025-06-22
Sensitive information disclosure with malicious netrc file
curl LLM06: Sensitive Information Disclosure
Medium
2025-06-22
CVE-2025-5399: WebSocket endless loop
curl Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)CVE-2025-5399
Low
2025-06-04
CVE-2025-5025: No QUIC certificate pinning with wolfSSL
curl Improper Certificate Validation (CWE-295)CVE-2025-5025
Medium
2025-05-28
CVE-2025-4947: QUIC certificate check skip with wolfSSL
curl Improper Validation of Certificate with Host Mismatch (CWE-297)CVE-2025-4947
Medium
2025-05-28
Memory Leak in libcurl via Location Header Handling (CWE-770)
curl Allocation of Resources Without Limits or Throttling (CWE-770)
High
2025-05-22
`Curl_socketpair()` fallback vulnerable to man-in-the-middle attack
curl Man-in-the-Middle (CWE-300)CVE-2024-3219
Unknown
2025-05-20
Memory Leak
curl Memory Corruption - Generic (CWE-119)
Unknown
2025-05-10
CRLF Injection in `--proxy-header` allows extra HTTP headers (CWE-93)
curl CRLF Injection (CWE-93)
None
2025-05-08
HTTP/3 Stream Dependency Cycle Exploit
curl Improper Input Validation (CWE-20)
High
2025-05-04
Double Free Vulnerability in `libcurl` Cookie Management (`cookie.c`)
curl Double Free (CWE-415)
Unknown
2025-04-29
Use of a Broken or Risky Cryptographic Algorithm (CWE-327) in libcurl
curl Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Unknown
2025-04-29
Heap‑based buffer overflow in curl -K <config_file> allows arbitrary write .
curl Heap Overflow (CWE-122)
High
2025-04-27
Use after free (read) in curl_multi_perform with DoH and Proxy options, and resolve timeouts
curl Use After Free (CWE-416)
Unknown
2025-03-06
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895