Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: udemy
AWS S3 bucket writable for authenticated aws user
Udemy Improper Authentication - Generic (CWE-287)
Unknown
2017-01-05
NON VALIDATION OF SESSIONS AFTER PASSWORD CHANGE
Udemy Improper Authentication - Generic (CWE-287)
Unknown
2016-09-16
Ability to add pishing links in discusion ," Bypassing uneductional Links add "
Udemy Information Disclosure (CWE-200)
Unknown
2016-07-09
Authentication Data are not Clearing
Udemy Improper Authentication - Generic (CWE-287)
Unknown
2016-04-13
Reflected XSS and/or malicious redirection via JWPlayer 6 configuration modification
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-02-24
Misconfigured SPF Record Flag
Udemy Violation of Secure Design Principles (CWE-657)
Unknown
2016-02-22
Stored XSS
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-02-22
information disclosure
Udemy Information Disclosure (CWE-200)
Unknown
2016-02-07
leak receipt of another user
Udemy Information Disclosure (CWE-200)
Unknown
2015-11-13
XSS Vulnerability
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-11-09
XSS on https://www.udemy.com/asset/export.html
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-10-08
Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set to.
Udemy Violation of Secure Design Principles (CWE-657)
Unknown
2015-09-25
xss profile
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-16
xss on autoserch
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Multiple sub domain are vulnerable because of leaking full path
Udemy Information Disclosure (CWE-200)
Unknown
2015-06-25
teach.udemy.com log poison vulnerability through wordpress debug.log being publically available
Udemy Code Injection (CWE-94)
Unknown
2015-06-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895