Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: curl
Unicode-to-ASCII conversion on Windows can lead to argument injection and more
curl Encoding Error (CWE-172)
High
2024-06-18
Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities
curl Type Confusion (CWE-843)CVE-2012-1823CVE-2024-4577
Low
2024-06-18
Denial of Service in curl Request - HTTP headers eat all memory
curl Allocation of Resources Without Limits or Throttling (CWE-770)
Medium
2024-06-18
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.
curl Type Confusion (CWE-843)CVE-2023-24329CVE-2024-22243
Critical
2024-05-08
cookie is sent on redirect
curl Insufficiently Protected Credentials (CWE-522)
Medium
2024-03-28
CVE-2024-2004: Usage of disabled protocol
curl Misinterpretation of Input (CWE-115)CVE-2024-2004
Low
2024-03-27
HTTP/2 PUSH_PROMISE DoS
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2024-03-27
CVE-2024-2466: TLS certificate check bypass with mbedTLS
curl Improper Validation of Certificate with Host Mismatch (CWE-297)CVE-2016-3739CVE-2013-4545CVE-2013-6422CVE-2014-0139CVE-2014-1263CVE-2014-2522CVE-2014-8151CVE-2024-2466
Medium
2024-03-27
CVE-2024-2398: HTTP/2 push headers memory-leak
curl Uncontrolled Resource Consumption (CWE-400)CVE-2024-2398
Medium
2024-03-27
CVE-2024-2379: QUIC certificate check bypass with wolfSSL
curl Improper Certificate Validation (CWE-295)CVE-2024-2379
Low
2024-03-27
CVE-2024-0853: OCSP verification bypass with TLS session reuse
curl Improper Check for Certificate Revocation (CWE-299)CVE-2024-0853
Low
2024-01-31
Buffer Overflow Vulnerability in WebSocket Handling
curl Heap Overflow (CWE-122)
High
2024-01-02
CVE-2023-46219: HSTS long file name clears contents
curl Missing Encryption of Sensitive Data (CWE-311)CVE-2023-46219
Low
2023-12-08
CVE-2023-46218: cookie mixed case PSL bypass
curl Information Exposure Through Sent Data (CWE-201)CVE-2023-46218
Medium
2023-12-06
Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c
curl Classic Buffer Overflow (CWE-120)
Critical
2023-11-15
[Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet
curl Information Disclosure (CWE-200)
Critical
2023-10-16
CVE-2023-38546: cookie injection with none file
curl External Control of File Name or Path (CWE-73)CVE-2023-38546
Low
2023-10-11
CVE-2023-38545: socks5 heap buffer overflow
curl Heap Overflow (CWE-122)CVE-2023-38545
High
2023-10-11
NULL Pointer dereference in idn.c
curl NULL Pointer Dereference (CWE-476)
Critical
2023-09-20
CVE-2023-38039: HTTP header allocation DOS
curl Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2023-38039
Medium
2023-09-13
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895