Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
9
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: ruby
'net/http': HTTP Header Injection in the set_content_type method
Ruby CRLF Injection (CWE-93)
High
2022-02-04
Bug Report : [ No Valid SPF Records ]
Ruby
High
2022-01-13
OS Command Injection in '/lib/un.rb -- Utilities to replace common UNIX commands in Makefiles etc'
Ruby OS Command Injection (CWE-78)
Medium
2021-07-19
OS Command Injection in 'rdoc' documentation generator
Ruby OS Command Injection (CWE-78)CVE-2021-31799
Medium
2021-07-13
lib/net/ftp.rb: trusting PASV responses allow client abuse
Ruby Information Disclosure (CWE-200)CVE-2021-31810CVE-2020-8284CVE-2007-1562
Low
2021-07-08
imap: StartTLS stripping attack (CVE-2016-0772).
Ruby Cryptographic Issues - Generic (CWE-310)CVE-2021-32066CVE-2016-0772
Medium
2021-07-08
Code Injection Bug Report
Ruby Code Injection (CWE-94)
Unknown
2021-05-07
'net/ftp': Uncontrolled Resource Consumption (Memory/CPU)
Ruby Uncontrolled Resource Consumption (CWE-400)
Medium
2021-04-21
Round-trip instability in REXML
Ruby CVE-2021-28965
Medium
2021-04-15
Path traversal in Tempfile on windows OS due to unsanitized backslashes
Ruby Path Traversal (CWE-22)CVE-2021-28966
Medium
2021-04-07
DRb denial of service vulnerability
Ruby Uncontrolled Resource Consumption (CWE-400)
None
2021-03-07
Ruby OpenSSL Library - IV Reuse in GCM Mode
Ruby
Unknown
2021-03-07
Command injection in OptionParser.load
Ruby Command Injection - Generic (CWE-77)
Low
2021-03-07
Net::SMTP with tls allows forged certificates as long as the hostname matches
Ruby Improper Certificate Validation (CWE-295)
Medium
2021-01-25
Potential HTTP Request Smuggling in ruby webrick
Ruby HTTP Request Smuggling (CWE-444)
Low
2020-10-29
Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON)
Ruby Business Logic Errors (CWE-840)CVE-2013-0269
Medium
2020-04-23
Source code disclosed via S3 Bucket
Ruby Information Exposure Through Directory Listing (CWE-548)
High
2020-02-13
WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS)
Ruby Uncontrolled Resource Consumption (CWE-400)
Low
2019-11-15
HTTP header can split /[\r\n]/ instead of /\r\n/
Ruby CVE-2017-17742
Unknown
2019-10-25
Null character at fnmatch
Ruby
Unknown
2019-10-16
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895