Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: ibb
[CVE-2024-35176] DoS vulnerability in REXML
Internet Bug Bounty Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2024-35176
Medium
2024-08-23
CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation .
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-38875
Medium
2024-08-23
libcurl: freeing stack buffer during x509 certificate parsing
Internet Bug Bounty Memory Corruption - Generic (CWE-119)CVE-2024-6197
Medium
2024-08-23
moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573) CWE-20 Improper Input Validation
Internet Bug Bounty Improper Input Validation (CWE-20)CVE-2024-39573
Medium
2024-08-12
moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709)
Internet Bug Bounty HTTP Response Splitting (CWE-113)CVE-2023-38709
Medium
2024-07-13
moderate: Apache HTTP Server proxy encoding problem (CVE-2024-38473)
Internet Bug Bounty Improper Input Validation (CWE-20)CVE-2024-38473
Medium
2024-07-13
CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory
Internet Bug Bounty Information Disclosure (CWE-200)CVE-2024-3416
Medium
2024-07-12
CVE-2024-32760 in nginx
Internet Bug Bounty CVE-2024-32760
Medium
2024-07-01
CVE-2024-31079 in nginx
Internet Bug Bounty Stack Overflow (CWE-121)CVE-2024-31079
Medium
2024-07-01
CVE-2024-35200 in nginx
Internet Bug Bounty NULL Pointer Dereference (CWE-476)CVE-2024-35200
Medium
2024-07-01
[CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML
Internet Bug Bounty Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2024-32464
Medium
2024-06-30
Improper handling of wildcards in --allow-fs-read and --allow-fs-write
Internet Bug Bounty Improper Access Control - Generic (CWE-284)CVE-2024-21890
Medium
2024-05-29
CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID(2.0) is in use as AUTH_TYPE
Internet Bug Bounty Improper Authentication - Generic (CWE-287)CVE-2024-25128
Medium
2024-04-28
CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-27351
Medium
2024-04-28
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-27316
Medium
2024-04-24
CVE-2024-2398: HTTP/2 push headers memory-leak
Internet Bug Bounty CVE-2024-2398
Medium
2024-04-22
CVE-2024-2466: TLS certificate check bypass with mbedTLS (reward request)
Internet Bug Bounty Improper Certificate Validation (CWE-295)CVE-2024-2466
Medium
2024-03-29
ASAR Integrity bypass via filetype confusion
Internet Bug Bounty CVE-2023-44402
Medium
2024-01-20
CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger
Internet Bug Bounty Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2023-49920
Medium
2024-01-09
curl cookie mixed case PSL bypass
Internet Bug Bounty Information Exposure Through Sent Data (CWE-201)CVE-2023-46218
Medium
2023-12-22
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895