Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,224
CVE-linked
1,856
Programs
342
New This Week
5
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
xss on demo.nextcloud.com due to outdated version
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-11-26
Angular injection in the profile name of onpatient
drchrono Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-11-25
Stored XSS(Cross Site Scripting) In Slack App Name
Slack Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-11-22
Cross-Site Scripting Stored On Rich Media
Pushwoosh Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-11-17
DOM based XSS in search functionality
SecNews Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2016-11-16
Stored XSS in Filters
Pushwoosh Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-11-14
Link sanitation bypass in xss_clean()
CodeIgniter Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-11-04
[Thirdparty] Stored XSS in chat module - nextcloud server 9.0.51 installed in ubuntu 14.0.4 LTS
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2016-11-02
Follow Button XSS
Automattic Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-10-28
(HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation
HackerOne Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2016-10-27
Adobe XSS
Adobe Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-10-18
Stored XSS in wis.pr
Whisper Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-10-16
Google Authenticator - Cross Site Scripting
Ian Dunn Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-10-11
Arbitrary File Upload in Logo & Log in image Theming setting.
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-10-05
Reflected xss on websummit.net
WebSummit Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-10-04
Xss in m.ok.ru
ok.ru Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-10-04
Open Redirect on slack.com
Slack Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-10-02
Cross-Site Scripting Reflected On Main Domain
Instacart Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-09-30
stored SELF xss on Basic Google Maps Placemarks Settings plugin
Ian Dunn Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-09-27
Cookie-Based Injection
Instacart Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-09-26
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl442
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239