Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS via SMTP Error Message
XVIDEOS Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2025-01-24
Stored XSS on trix editor version 2.1.1
Basecamp Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2024-34341
High
2024-11-04
Blind XSS on admin.acronis.com via delete account form on account.acronis.com
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-10-30
Stored-XSS-ads.tiktok.com
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2024-10-02
Stored Xss On "https://www.question.com/"
Drugs.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-09-20
Stored XSS in reclamos
MercadoLibre Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-09-09
CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link
Internet Bug Bounty Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2024-41937
Low
2024-09-07
Blind Stored XSS on the internal host - █████████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-08-16
XSS via /api/v1/chat.postMessage
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2024-08-10
XSS in various MessageTypes
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-08-10
Multiple XSS and open HTTP redirection
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-07-16
[CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML
Internet Bug Bounty Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2024-32464
Medium
2024-06-30
Stored XSS filter bypass on discussion forum. "URL" tag.
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2024-05-28
Stored XSS filter bypass on discussion forum.
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2024-05-28
Stored-XSS injected in Wiki page via Banzai pipeline
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-05-28
Stored XSS in messages
SideFX Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2024-04-17
Stored XSS on LinkedIn App via iframe tag in Article
LinkedIn Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2024-02-28
Client Side Template Injection to Stored XSS in Image Collection
Mars Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-02-14
Blind Stored XSS in shopify internal Parquet Viewer
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2024-02-08
HTML injection in search UI when selecting a circle with HTML in the display name
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2023-48301
Low
2023-11-21
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895