Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Account Takeover on unverified emails in File Sync & Share
Acronis Violation of Secure Design Principles (CWE-657)
Medium
2021-06-16
Origin IP found, Cloudflare bypassed
CS Money Violation of Secure Design Principles (CWE-657)
Medium
2021-03-30
Over-Privileged API Credentials for Elastic Agent
Elastic Violation of Secure Design Principles (CWE-657)
Medium
2021-03-29
Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
HackerOne Violation of Secure Design Principles (CWE-657)
Medium
2021-03-25
RDR2 game service method allows adding any player to a new Posse without consent
Rockstar Games Violation of Secure Design Principles (CWE-657)
Medium
2021-02-23
DNS Setup allows sending mail on behalf of other customers
Basecamp Violation of Secure Design Principles (CWE-657)
Medium
2021-02-21
Email flooding using user invitation feature in biz.yelp.com due to lack of rate limiting
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-09-29
Session not invalidated after password reset
Gener8 Violation of Secure Design Principles (CWE-657)
Medium
2020-08-18
Unrestricted File Upload in Chat Window
OWOX, Inc. Violation of Secure Design Principles (CWE-657)
Medium
2020-08-16
No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Medium
2020-05-27
Improper email address verifiation while saving Account Details
Staging.every.org Violation of Secure Design Principles (CWE-657)
Medium
2020-03-23
**minor issue ** -Nextcloud 10.0 session issue with desktop client and android client
Nextcloud Violation of Secure Design Principles (CWE-657)
Medium
2020-03-01
WordPress vulnerable to multiple attacks at https://nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Medium
2020-03-01
Admin panel of https://www.stellar.org/wp-admin/
Stellar.org Violation of Secure Design Principles (CWE-657)
Medium
2020-02-23
No rate limiting for confirmation email lead to email flooding
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-02-11
No Rate Limiting on /reset-password-request/ endpoint
Stripo Inc Violation of Secure Design Principles (CWE-657)
Medium
2020-02-04
Wordpress unzip_file path traversal
WordPress Violation of Secure Design Principles (CWE-657)
Medium
2020-01-29
Unrestricted file upload in www.semrush.com > /my_reports/api/v1/upload/image
Semrush Violation of Secure Design Principles (CWE-657)
Medium
2020-01-10
Password token leak via Host header
Stripo Inc Violation of Secure Design Principles (CWE-657)
Medium
2019-12-19
Access to job creation web page on http://████████
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Medium
2019-12-02
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895