Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: liberapay
Broken Authentication and session management OWASP A2
Liberapay Improper Authentication - Generic (CWE-287)
None
2018-11-26
Improper Data Validation / Unvalidated Input
Liberapay Classic Buffer Overflow (CWE-120)
None
2018-07-05
No Data Validation, No Captcha, No Filters...
Liberapay Business Logic Errors (CWE-840)
None
2018-06-11
Cross site scripting (content-sniffing)
Liberapay Cross-site Scripting (XSS) - DOM (CWE-79)
None
2018-06-10
Buffer overflow
Liberapay Classic Buffer Overflow (CWE-120)
None
2018-06-10
A single user can subscribe a community multiple times
Liberapay Business Logic Errors (CWE-840)
None
2018-06-07
Punny code Detection Parsing should be implemented on Markdown
Liberapay Business Logic Errors (CWE-840)
None
2018-06-07
Returning back from the browser after logging off will disclose some information
Liberapay Business Logic Errors (CWE-840)
Unknown
2018-06-07
Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings
Liberapay Information Disclosure (CWE-200)
Medium
2018-06-05
Missing back-end user input validation can lead to DOS flaw
Liberapay Business Logic Errors (CWE-840)
Unknown
2018-06-05
Csrf token does not meet security design
Liberapay
Unknown
2018-06-05
REGISTRATION USING FAKE EMAIL ACCOUNT
Liberapay Business Logic Errors (CWE-840)
None
2018-06-05
Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution
Liberapay Deserialization of Untrusted Data (CWE-502)
Unknown
2018-06-04
CSRF token manipulation in every possible form submits. NO server side Validation
Liberapay Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2018-06-04
csrf token did not changed after login/logout many times
Liberapay Cross-Site Request Forgery (CSRF) (CWE-352)
None
2018-06-04
Current CSP Policy chained with HTML Injection can lead to Data Exfiltration
Liberapay Violation of Secure Design Principles (CWE-657)
None
2018-06-04
Phishing by Navigating Browser Tabs
Liberapay
None
2018-06-04
CSRF ON EDITING NAME (OPTIONAL)
Liberapay Cross-Site Request Forgery (CSRF) (CWE-352)
None
2018-06-04
Insecure Account Deletion
Liberapay Improper Authentication - Generic (CWE-287)
None
2018-06-04
The csrf token remains same after user logs in
Liberapay Violation of Secure Design Principles (CWE-657)
Unknown
2018-06-04
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895