Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Attachment in published HackerOne report exposure private program
HackerOne Information Disclosure (CWE-200)
Low
2023-06-07
DOS via cache poisoning on [developer.mozilla.org]
Mozilla Cache Poisoning (CAPEC-141)
Low
2023-06-05
IDOR in family pairing API
TikTok Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2023-06-02
Arbitrary escape sequence injection in docker-machine from worker nodes
GitLab Command Injection - Generic (CWE-77)
Low
2023-06-02
Any one can view collaborater email address via path /reports/<id>/participants
HackerOne Improper Access Control - Generic (CWE-284)
Low
2023-06-01
Blind SSRF as normal user from mailapp
Nextcloud Server-Side Request Forgery (SSRF) (CWE-918)CVE-2023-33184
Low
2023-05-30
Domain Takeover - gl-canary.freetls.fastly.net
GitLab Privilege Escalation (CAPEC-233)
Low
2023-05-30
CVE-2023-28320 - siglongjmp race condition
Internet Bug Bounty Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)CVE-2023-28320
Low
2023-05-26
Privilege escalation to root in Pages build image v2
Cloudflare Public Bug Bounty Privilege Escalation (CAPEC-233)
Low
2023-05-26
Git Arg Injection in kubernetes-sigs/release-sdk
Kubernetes
Low
2023-05-25
https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak
Expedia Group Bug Bounty Code Injection (CWE-94)
Low
2023-05-20
Impact of Using the PHP Function "phpinfo()" on System Security - PHP info page disclosure
U.S. Department of State Information Disclosure (CWE-200)
Low
2023-05-18
Rate limit is implemented in Reddit , but its not working .
Reddit Improper Authentication - Generic (CWE-287)
Low
2023-05-18
Program managers can see draft reports using Export Reports feature
HackerOne Business Logic Errors (CWE-840)
Low
2023-05-18
CVE-2023-28321: IDN wildcard match
curl Improper Certificate Validation (CWE-295)CVE-2023-28321
Low
2023-05-18
CVE-2023-28322: more POST-after-PUT confusion
curl Expected Behavior Violation (CWE-440)CVE-2023-28322CVE-2022-32221
Low
2023-05-18
CVE-2023-28320: siglongjmp race condition
curl Improper Synchronization (CWE-662)CVE-2023-28320
Low
2023-05-17
No rate limit while adding Additional emails feature
Nextcloud
Low
2023-05-16
HTML injection in email at https://www.hackerone.com/
HackerOne Code Injection (CWE-94)
Low
2023-05-12
Attacker can unpin posts from companies he's not part of.
LinkedIn
Low
2023-05-12
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895