Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,244
CVE-linked
1,864
Programs
343
New This Week
23
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Reflected XSS in https://www.██████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-09-29
Reflected XSS in https://www.█████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-09-29
Cross Site Scripting (XSS) – Reflected
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-09-29
Reflected Xss
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-09-21
Reflected-XSS on https://www.topcoder.com/tc via pt parameter
Lab45 Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-09-04
Reflected XSS on ███████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-09-03
Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-08-18
Reflected XSS in "*.mendix.com/openid/*"
Mendix Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-8160
Medium
2020-08-18
Reflected XSS on https://███████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-07-30
[tumblr.com] 69< Firefox Only XSS Reflected
Automattic Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-07-09
DOM XSS on duckduckgo.com search
DuckDuckGo Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-06-26
Reflected DOM XSS on www.starbucks.co.uk
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-06-16
Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-06-16
RXSS on /landings/123.1/index.php (mackeeperapp.mackeeper.com)
Clario Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-06-13
Reflected XSS and HTML Injectionon a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-06-11
XSS (Cross site scripting) on https://apimgr.8x8.com
8x8 Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-06-09
Reflected XSS on http://axa.dxi.eu
8x8 Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-06-09
Xss (cross site scripting) on http://axa.dxi.eu/
8x8 Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-06-09
Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7
Ubiquiti Inc. Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-8170
Medium
2020-06-01
Self XSS combine CSRF at https://████████/index.php
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-05-27
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud583
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239