Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,217
CVE-linked
1,854
Programs
342
New This Week
12
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: gitlab
Domain Takeover - gl-canary.freetls.fastly.net
GitLab Privilege Escalation (CAPEC-233)
Low
2023-05-30
Stored-XSS with CSP-bypass via labels' color
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-02-19
Bypass: Stored-XSS with CSP-bypass via scoped labels' color
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-02-19
Dependecy Confusion via Lookup Request Forwarding to PyPi.org
GitLab Misconfiguration (CWE-16)
Unknown
2022-11-21
RCE via github import
GitLab OS Command Injection (CWE-78)
Critical
2022-11-16
CSP-bypass XSS in project settings page
GitLab Cross-site Scripting (XSS) - Generic (CWE-79)
High
2022-11-16
XSS: `v-safe-html` is not safe enough
GitLab Cross-site Scripting (XSS) - Generic (CWE-79)
High
2022-11-16
New /add_contacts /remove_contacts quick commands susseptible to XSS from Customer Contact firstname/lastname fields
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2022-1948
High
2022-11-16
DOS via issue preview
GitLab Uncontrolled Resource Consumption (CWE-400)
High
2022-11-04
Path paths and file disclosure vulnerabilities at influxdb.quality.gitlab.net
GitLab Information Disclosure (CWE-200)
Low
2022-11-04
DOS via move_issue
GitLab Uncontrolled Resource Consumption (CWE-400)
Medium
2022-11-04
RepositoryPipeline allows importing of local git repos
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-11-04
Remote Command Execution via Github import
GitLab Command Injection - Generic (CWE-77)CVE-2022-2884
Critical
2022-10-06
Content injection in Jira issue title enabling sending arbitrary POST request as victim
GitLab Resource Injection (CWE-99)CVE-2022-1940
High
2022-09-22
Unauthenticated IP allowlist bypass when accessing job artifacts through gitlab pages at `{group_id}.gitlab.io`
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-09-22
XSS in ZenTao integration affecting self hosted instances without strict CSP
GitLab Cross-site Scripting (XSS) - Generic (CWE-79)
High
2022-09-22
No Restriction on password
GitLab
None
2022-09-13
ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year
GitLab Uncontrolled Resource Consumption (CWE-400)
Medium
2022-09-13
RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag)
GitLab Command Injection - Generic (CWE-77)CVE-2022-2185
Critical
2022-09-13
Unauthorized access
GitLab Improper Access Control - Generic (CWE-284)CVE-2022-2185
Medium
2022-08-25
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895