Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: curl
Format string vulnerability, curl_msnprintf() function
curl Use of Externally-Controlled Format String (CWE-134)
Medium
2025-02-20
("possible") UAF
curl Memory Corruption - Generic (CWE-119)
None
2025-02-08
CVE-2025-0167: netrc and default credential leak
curl LLM06: Sensitive Information Disclosure CVE-2025-0167CVE-2024-11053
Low
2025-02-07
CVE-2025-0665: eventfd double close
curl Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)CVE-2025-0665
Low
2025-02-07
curl allows SSH connection even if host is not in known_hosts
curl Improper Certificate Validation (CWE-295)
High
2025-02-05
CVE-2025-0725: gzip integer overflow
curl Integer Overflow to Buffer Overflow (CWE-680)CVE-2025-0725
Low
2025-02-05
Hackers Attack Curl Vulnerability Accessing Sensitive Information
curl Information Disclosure (CWE-200)
Medium
2024-12-27
bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]
curl Cleartext Transmission of Sensitive Information (CWE-319)
Low
2024-12-19
CVE-2024-11053: netrc + redirect credential leak
curl Information Disclosure (CWE-200)CVE-2024-11053
Low
2024-12-11
Buffer Overflow Risk in Curl_inet_ntop and inet_ntop4
curl Classic Buffer Overflow (CWE-120)
High
2024-12-08
Buffer Overflow Vulnerability in strcpy() Leading to Remote Code Execution
curl Classic Buffer Overflow (CWE-120)
Critical
2024-12-02
Buffer overflow in strcpy
curl Buffer Underflow (CWE-124)
Critical
2024-11-07
CVE-2024-9681: HSTS subdomain overwrites parent cache entry
curl Business Logic Errors (CWE-840)CVE-2024-9681
Low
2024-11-06
Exploitable Format String Vulnerability in curl_mfprintf Function
curl Use of Externally-Controlled Format String (CWE-134)
High
2024-11-06
When curl uses Schannel as TLS backend, it fails to enforce TLS 1.3 cipher suite selections correctly
curl Business Logic Errors (CWE-840)
Medium
2024-11-04
CVE-2024-8096: OCSP stapling bypass with GnuTLS
curl Improper Certificate Validation (CWE-295)CVE-2024-8096
Medium
2024-09-11
CVE-2024-7264: ASN.1 date parser overread
curl Buffer Over-read (CWE-126)CVE-2024-7264
Low
2024-08-01
CVE-2024-6197: freeing stack buffer in utf8asn1str
curl Free of Memory not on the Heap (CWE-590)CVE-2024-6197
Medium
2024-07-24
CVE-2024-6874: macidn punycode buffer overread
curl Buffer Over-read (CWE-126)CVE-2024-6874
Low
2024-07-24
NULL dereference when encoding DN of x509 certificate
curl NULL Pointer Dereference (CWE-476)
Low
2024-06-19
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895