Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
9
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
HttpOnly Flag not set
Weblate Violation of Secure Design Principles (CWE-657)
None
2017-05-18
Can upload files without authentication on AirFibre 3.2
Ubiquiti Inc. Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Weak e-mail change functionality could lead to account takeover
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Spamming any user from Reset Password Function
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Content Spoofing in error message
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Content Spoofing
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Specify maximal length in new comment
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Specify maximal length in translation
Weblate Violation of Secure Design Principles (CWE-657)
None
2017-05-17
Insecure Account Removal
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Registration captcha bypass
Weblate Violation of Secure Design Principles (CWE-657)
Medium
2017-05-17
Improper Password Reset Policy on https://hosted.weblate.org/
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Content (Text) Injection at https://nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Low
2017-05-15
use of unsafe host header leads to open redirect
Rockstar Games Violation of Secure Design Principles (CWE-657)
Low
2017-05-01
Content Spoofing/Text Injection in https://demo.nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Low
2017-04-28
Remote file inclusion vulnerability on a DoD website
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Medium
2017-04-27
Missing Server Side Rate Limiting can Lead to VK Account Take over
VK.com Violation of Secure Design Principles (CWE-657)
Unknown
2017-04-19
Host header Injection
Homebrew Violation of Secure Design Principles (CWE-657)
Medium
2017-04-19
Content Spoofing/Text Injection in nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Low
2017-04-19
Harden resend throttling
Gratipay Violation of Secure Design Principles (CWE-657)
Medium
2017-04-16
SIGSEGV - mrb_yield_with_class
shopify-scripts Violation of Secure Design Principles (CWE-657)
Medium
2017-04-13
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895