Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Private program name disclosure in the invitation mail for another program
HackerOne Information Disclosure (CWE-200)
Low
2023-12-08
CVE-2023-46219: HSTS long file name clears contents
curl Missing Encryption of Sensitive Data (CWE-311)CVE-2023-46219
Low
2023-12-08
User Details Can Be Disclosed Even If The Account IS In Hibernation State
LinkedIn Information Disclosure (CWE-200)
Low
2023-12-06
internal path disclosure via register error
Tennessee Valley Authority Information Exposure Through an Error Message (CWE-209)
Low
2023-11-30
CVE-2023-47037: Airflow Broken Access Control Vulnerability
Internet Bug Bounty Improper Authorization (CWE-285)CVE-2023-47037
Low
2023-11-29
CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature
Internet Bug Bounty Improper Access Control - Generic (CWE-284)CVE-2023-42780
Low
2023-11-29
Potential IP revealing using UNC Path in Windows File Picker
Tor Information Disclosure (CWE-200)
Low
2023-11-28
solving TOR vulnerability, in other to make bruteforce difficult
Tor Array Index Underflow (CWE-129)CVE-2007-6750
Low
2023-11-28
Tor Project - Full Path Disclosure
Tor Information Exposure Through an Error Message (CWE-209)
Low
2023-11-28
Content spoofing on
Tor Violation of Secure Design Principles (CWE-657)
Low
2023-11-28
CSRF to Information disclosure on password reset
Mozilla Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2023-11-27
[CVE-2023-38546] cookie injection with none file
Internet Bug Bounty CVE-2023-38546
Low
2023-11-23
HTML injection in search UI when selecting a circle with HTML in the display name
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2023-48301
Low
2023-11-21
Able to see highest poll result without voting or view result
FetLife Information Exposure Through Debug Information (CWE-215)
Low
2023-11-15
CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags
Internet Bug Bounty CVE-2023-42663
Low
2023-11-13
YAML schema injection risk in Swagger UI via schema_url parameter at developers.cloudflare.com
Cloudflare Public Bug Bounty Resource Injection (CWE-99)
Low
2023-11-10
Security bug https://bugzilla.mozilla.org/oauth/authorize - CRLF Header injection via "redirect_uri" parameter
Mozilla CRLF Injection (CWE-93)
Low
2023-10-28
CVE-2023-40611: Apache Airflow Dag Runs Broken Access Control Vulnerability
Internet Bug Bounty Improper Access Control - Generic (CWE-284)CVE-2023-40611
Low
2023-10-27
Race condition in up voting and down voting
Urban Dictionary Violation of Secure Design Principles (CWE-657)
Low
2023-10-27
Possibility of Deface through translation tool - www.mozilla.com
Mozilla Information Disclosure (CWE-200)
Low
2023-10-27
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895