Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: curl
curl on Windows can be forced to execute code via OpenSSL environment variables
curl Privilege Escalation (CAPEC-233)CVE-2019-1552CVE-2019-5443
High
2021-02-08
Unexpected access to process open files via file:///proc/self/fd/n
curl Information Disclosure (CWE-200)
High
2021-02-08
Division by zero if terminal width is 2
curl Improper Input Validation (CWE-20)
Unknown
2021-02-08
Integer overlow in "header_append" function
curl Integer Overflow (CWE-190)
Unknown
2021-02-08
Integer overflow in the source code tool_cb_prg.c
curl Integer Overflow (CWE-190)
Unknown
2021-02-08
Libcurl ocasionally sends HTTPS traffic to port 443 rather than specified port 8080
curl Information Disclosure (CWE-200)
Medium
2021-02-03
Poll loop/hang on incomplete HTTP header
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2021-01-22
SMB access smuggling via FILE URL on Windows
curl Improper Input Validation (CWE-20)
None
2021-01-17
Double-free of `trailers_buf' on `Curl_http_compile_trailers()` failure
curl Double Free (CWE-415)
Medium
2021-01-12
Incorrect IPv6 literal parsing leads to validated connection to unexpected https server.
curl Improper Handling of URL Encoding (Hex Encoding) (CWE-177)
Medium
2021-01-12
SSRF via maliciously crafted URL due to host confusion
curl Server-Side Request Forgery (SSRF) (CWE-918)CVE-2018-3774
Critical
2021-01-08
Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time
curl Use After Free (CWE-416)
Low
2021-01-08
Heap Buffer Overflow (READ of size 1) in ourWriteOut
curl Heap Overflow (CWE-122)
Low
2021-01-08
libcurl: SMTP end-of-response out-of-bounds read - CVE-2019-3823
curl Heap Overflow (CWE-122)CVE-2019-3823
High
2021-01-08
curl still vulnerable to SMB access smuggling via FILE URL on Windows
curl Improper Input Validation (CWE-20)CVE-2019-15601
Unknown
2021-01-08
Curl_auth_create_plain_message integer overflow leads to heap buffer overflow
curl Incorrect Calculation of Buffer Size (CWE-131)CVE-2018-16839
Low
2021-01-08
curl successfully matches IP address literal in URL against IP address literal in certificate Common Name
curl Improper Certificate Validation (CWE-295)CVE-2019-14553
Unknown
2021-01-08
Only OpenSSL handles a CRL when passed in via CApath
curl Improper Certificate Validation (CWE-295)
High
2021-01-08
Abusing URL Parsers by long schema name
curl Server-Side Request Forgery (SSRF) (CWE-918)
None
2021-01-08
CVE-2020-8285: FTP wildcard stack overflow
curl Uncontrolled Recursion (CWE-674)CVE-2020-8285
Medium
2021-01-08
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895