Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,220
CVE-linked
1,854
Programs
342
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
stack overflow #2 in libsass
LibSass Uncontrolled Resource Consumption (CWE-400)
Low
2017-10-20
stack overflow in libsass
LibSass Uncontrolled Resource Consumption (CWE-400)
Low
2017-10-20
[tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents
Tor Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-10-19
No limit of summary length allows Denail of Service
RubyGems Uncontrolled Resource Consumption (CWE-400)CVE-2017-0900
High
2017-08-31
Information disclosue in Android Application
Coinbase Uncontrolled Resource Consumption (CWE-400)
Low
2017-08-30
Unable to register in starbucks IN app
Starbucks Uncontrolled Resource Consumption (CWE-400)
Low
2017-08-15
Remote Stack Overflow Vulnerability (DoS)
Brave Software Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-08-10
ntpd: read_mru_list() does inadequate incoming packet checks
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2016-7434
Low
2017-07-12
Bypassing captcha in registration on Hosted site
Weblate Uncontrolled Resource Consumption (CWE-400)
Medium
2017-07-03
ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2015-5477
High
2017-06-08
Invalid Pointer reference in L_RESCUE
shopify-scripts Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-06-01
WordPress Authentication Denial of Service
Instacart Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-05-26
Malformed SHA512 ticket DoS (CVE-2016-6302)
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2016-6302
Low
2017-05-25
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2016-6307
Low
2017-05-25
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2016-6308CVE-2016-6307
Low
2017-05-25
No Password Length Restriction leads to Denial of Service
Weblate Uncontrolled Resource Consumption (CWE-400)
Low
2017-05-17
XXE in upload file feature
Informatica Uncontrolled Resource Consumption (CWE-400)
High
2017-05-10
Null pointer dereferences in ary_concat
shopify-scripts Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-05-04
Null pointer dereferences in mrb_get_args
shopify-scripts Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-05-03
Heap Buffer Overflow in mrb_hash_keys
shopify-scripts Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-05-03
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895