Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: torproject
Email Spoofing Possible on torproject.org Email Domain
Tor Business Logic Errors (CWE-840)
Medium
2018-10-16
Expose user IP if TOR crashs
Tor
Unknown
2018-09-21
Expose relay IP in the debug (The source is different from the rendering)
Tor
Unknown
2018-07-21
De-anonymization by visiting specially crafted bookmark.
Tor Information Disclosure (CWE-200)
High
2018-07-03
Tor Browser: iframe with `data:` uri has access to parent window
Tor
High
2018-06-06
[tor] pre-emptive defenses, potential vulnerabilities
Tor Violation of Secure Design Principles (CWE-657)
Unknown
2017-11-26
16 instances where return value of OpenSSL i2d_RSAPublicKey is discarded -- might lead to use of uninitialized memory
Tor Information Disclosure (CWE-200)
Unknown
2017-11-26
Access to local file system using javascript
Tor Violation of Secure Design Principles (CWE-657)
High
2017-11-18
Use of uninitialized value in networkstatus_parse_vote_from_string (src/or/routerparse.c:3533)
Tor Memory Corruption - Generic (CWE-119)
None
2017-10-31
Cross-domain linkability when system time changed in Tor Browser
Tor Privacy Violation (CWE-359)
Low
2017-10-26
Linux TBB SFTP URI allows local IP disclosure
Tor Information Disclosure (CWE-200)
Critical
2017-10-25
Use of uninitialized value in memarea_strdup (src/common/memarea.c:369)
Tor Memory Corruption - Generic (CWE-119)
Unknown
2017-10-25
Crashes/Buffer at 0x2C0086,name=PBrowser::Msg_Destroy
Tor Classic Buffer Overflow (CWE-120)
Medium
2017-10-24
Preferred language option fingerprinting issue in Tor Browser
Tor Information Disclosure (CWE-200)
Low
2017-10-24
Use-after-free during XML transformations (MFSA-2016-27)
Tor Memory Corruption - Generic (CWE-119)CVE-2016-1964
Unknown
2017-10-21
Uncloaking hidden services and hidden service users
Tor Man-in-the-Middle (CWE-300)
Unknown
2017-10-20
Scrollbar Width permits detecting browser platform
Tor Information Disclosure (CWE-200)
Low
2017-10-20
Simple CSS line-height identifies platform
Tor Information Disclosure (CWE-200)
Low
2017-10-20
languagechange event fires simultaneously on all tabs
Tor Privacy Violation (CWE-359)
Low
2017-10-19
Enforce minimum master password complexity
Tor Password in Configuration File (CWE-260)
Medium
2017-10-19
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895