Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: yelp
CORS Misconfiguration on Yelp
Yelp
Medium
2022-09-28
password field autocomplete enabled
Yelp Insecure Storage of Sensitive Information (CWE-922)
Medium
2022-09-27
xmlrpc file enabled
Yelp Information Disclosure (CWE-200)
Low
2022-06-16
RCE on build server via misconfigured pip install
Yelp Download of Code Without Integrity Check (CWE-494)
Critical
2021-02-09
X-Forward-For Header allows to bypass access restrictions
Yelp Improper Access Control - Generic (CWE-284)
Medium
2020-10-26
Email flooding using user invitation feature in biz.yelp.com due to lack of rate limiting
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-09-29
IDOR in locid parameter allowing to view others accounts Profile Locations
Yelp Business Logic Errors (CWE-840)
Low
2020-09-02
Clickjacking lead to remove review
Yelp
Medium
2020-09-01
CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.
Yelp Improper Access Control - Generic (CWE-284)
Medium
2020-08-21
ClickJacking on IMPORTANT Functions of Yelp
Yelp UI Redressing (Clickjacking) (CAPEC-103)
Low
2020-08-21
Unauthorized Use of Victim Credit Card
Yelp Privacy Violation (CWE-359)
Low
2020-08-21
CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card
Yelp Privacy Violation (CWE-359)
High
2020-08-19
I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)
Yelp Insecure Direct Object Reference (IDOR) (CWE-639)
Critical
2020-08-19
I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)
Yelp Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2020-08-19
JDBC credentials leaked via github
Yelp Information Disclosure (CWE-200)
None
2020-07-27
No rate limiting for confirmation email lead to email flooding
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-02-11
Multiple Vulnerabilities in (*.blog.yelp.com) - Leakage user admin Sensitive Exposure
Yelp Business Logic Errors (CWE-840)
Unknown
2020-01-29
DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389
Yelp CVE-2018-6389
Medium
2020-01-17
Nginx version disclosure via forbidden page
Yelp Information Disclosure (CWE-200)
Low
2017-11-21
Leaking sensitive information lead to compromise employer API keys
Yelp Insecure Storage of Sensitive Information (CWE-922)
High
2017-11-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895