Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: brave
Brave News feeds can open arbitrary chrome: URLs
Brave Software Privilege Escalation (CAPEC-233)
High
2023-06-22
Open redirect due to scanning QR code via brave browser
Brave Software Open Redirect (CWE-601)CVE-2023-28364
High
2023-06-08
download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled
Brave Software CVE-2023-28360
High
2023-05-10
S3 Bucket Takeover "brave-browser-rpm-staging-release-test"
Brave Software Improper Access Control - Generic (CWE-284)
Unknown
2023-04-26
S3 Bucket Takeover : brave-apt
Brave Software Improper Access Control - Generic (CWE-284)
Medium
2023-04-26
UXss on brave browser via scan QR Code
Brave Software Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2022-23258
High
2023-04-11
Open redirect found on account.brave.com
Brave Software Open Redirect (CWE-601)
Medium
2022-06-30
Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS
Brave Software Code Injection (CWE-94)
Medium
2022-06-30
Arbitrary file download due to bad handling of Redirects in WebTorrent
Brave Software Code Injection (CWE-94)
Medium
2022-06-30
Redirecting users to malicious torrent-files/websites using WebTorrent
Brave Software Violation of Secure Design Principles (CWE-657)
Medium
2022-06-30
Browser is not following proper flow for redirection cause open redirect
Brave Software CVE-2023-22798
High
2022-06-30
Information disclosure-Referer leak
Brave Software Information Disclosure (CWE-200)
High
2022-02-01
unclaimed s3 bucket takeover in the 3 js file located on the github page of brave software
Brave Software Business Logic Errors (CWE-840)
Low
2021-09-24
Information disclosure
Brave Software Information Disclosure (CWE-200)
High
2021-09-21
Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log
Brave Software Cleartext Storage of Sensitive Information (CWE-312)
Medium
2021-08-16
DNS Leaks when using any VPN Browser extension with Brave Shield enabled
Brave Software Information Disclosure (CWE-200)CVE-2021-22916
High
2021-07-08
Brave Browser Tor Window leaks user's real IP to the external DNS server
Brave Software Information Disclosure (CWE-200)CVE-2021-22917
High
2021-06-17
Cookie steal through content Uri
Brave Software Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
Critical
2021-04-22
https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529
Brave Software Array Index Underflow (CWE-129)CVE-2017-7529
Medium
2020-12-16
No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org
Brave Software Violation of Secure Design Principles (CWE-657)
Low
2020-11-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895