Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,220
CVE-linked
1,854
Programs
342
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
CVE-2018-6389 exploitation - using scripts loader
Fastly VDP Uncontrolled Resource Consumption (CWE-400)CVE-2018-6389
Low
2023-04-20
Regular Expression Denial of Service in Headers
Node.js Uncontrolled Resource Consumption (CWE-400)
Low
2023-03-19
No password length restriction in reset password endpoint
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2023-25816
Low
2023-02-09
Missing character limitation allows to put generate a database error
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2023-22470
Low
2023-01-09
No password length limit when creating a user as an administrator
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2022-41969
Low
2022-12-31
Missing length validation of user displayname allows to generate an SQL error
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2022-39346
Low
2022-12-20
Calendar name length not validated before writing to database
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2022-41968
Low
2022-12-01
DOS: out of memory from gif through upload api
Mattermost Uncontrolled Resource Consumption (CWE-400)CVE-2022-3257
Low
2022-09-21
@nextcloud/logger NPM package brings vulnerable ansi-regex version
Nextcloud Uncontrolled Resource Consumption (CWE-400)
Low
2022-07-29
CVE-2022-27781: CERTINFO never-ending busy-loop
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-27781
Low
2022-07-24
DoS via lua_read_body() [zhbug_httpd_94]
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-29404
Low
2022-07-09
curl "globbing" can lead to denial of service attacks
curl Uncontrolled Resource Consumption (CWE-400)
Low
2022-06-16
CVE-2022-27781: CERTINFO never-ending busy-loop
curl Uncontrolled Resource Consumption (CWE-400)CVE-2022-27781
Low
2022-05-16
DoS via large console messages
Mattermost Uncontrolled Resource Consumption (CWE-400)
Low
2022-04-29
Instance Page DOS within Organization on TikTok Ads
TikTok Uncontrolled Resource Consumption (CWE-400)
Low
2022-03-17
Specially crafted message request crashes the webapp for users who view the message
Mattermost Uncontrolled Resource Consumption (CWE-400)CVE-2021-37863
Low
2022-03-14
%0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)]
Acronis Uncontrolled Resource Consumption (CWE-400)
Low
2022-01-04
The possibility of disrupting the normal operation of frontend using markdown
HackerOne Uncontrolled Resource Consumption (CWE-400)
Low
2021-08-24
Cookie Bombing cause DOS - businesses.uber.com
Uber Uncontrolled Resource Consumption (CWE-400)
Low
2021-02-24
DoS attack against the client when entering a long password
Nextcloud Uncontrolled Resource Consumption (CWE-400)
Low
2021-02-14
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895