Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
App pin of the Android app can be bypassed via 3rdparty apps generating deep links
Nextcloud Improper Authentication - Generic (CWE-287)
Low
2023-05-04
Hide download previews are accessible without a watermark
Nextcloud Improper Access Control - Generic (CWE-284)
Low
2023-05-04
Possible DoS Vulnerability in Multipart MIME parsing in rack
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)
Low
2023-04-27
Credential leak on GitHub: https://github.com/█/█/ (Peoplesoft CRM)
8x8 Use of Hard-coded Credentials (CWE-798)
Low
2023-04-27
HTML INJECTION on coins.state.gov
U.S. Department of State Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
Low
2023-04-26
Improper Access Control - Generic
Rocket.Chat Improper Access Control - Generic (CWE-284)CVE-2023-28316
Low
2023-04-25
Missing brute force protection for passwords of password protected share links
Nextcloud Improper Restriction of Authentication Attempts (CWE-307)CVE-2023-28847
Low
2023-04-25
Delete any user's added Email,Telephone,Fax,Address,Skype via csrf in (https://academy.acronis.com/)
Acronis
Low
2023-04-25
CVE-2018-6389 exploitation - using scripts loader
Fastly VDP Uncontrolled Resource Consumption (CWE-400)CVE-2018-6389
Low
2023-04-20
CVE-2023-27538: SSH connection too eager reuse still
Internet Bug Bounty Business Logic Errors (CWE-840)CVE-2023-27538
Low
2023-04-19
CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution
Internet Bug Bounty Improper Input Validation (CWE-20)CVE-2023-25692
Low
2023-04-16
Twitter Broken Link in https://gener8ads.com (Hackerone Profile)
Gener8
Low
2023-04-13
Possible to spoof Origin in "Connected Sites"
MetaMask User Interface (UI) Misrepresentation of Critical Information (CWE-451)
Low
2023-04-13
adding h1_analyst_* to username for normal users
HackerOne Business Logic Errors (CWE-840)
Low
2023-04-12
Sensitive information for phpinfo.php at https://products.ean.com/
Expedia Group Bug Bounty Information Disclosure (CWE-200)
Low
2023-04-11
Testing flow includes a DeepSource secret
Weblate Use of Hard-coded Credentials (CWE-798)
Low
2023-04-11
Bypass parsing of transaction data, users on the phishing site will transfer/approve ERC20 tokens without being alerted
MetaMask Improper Input Validation (CWE-20)
Low
2023-04-10
Ability to control the filename when uploading a logo or favicon on theming
Nextcloud Violation of Secure Design Principles (CWE-657)CVE-2023-28833
Low
2023-04-10
Full Passcode bypass on Nextcloud App iOS
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-28647
Low
2023-04-10
Security Unfavorable Specifications and Implementations in the CGI::Cookie Class
Internet Bug Bounty CVE-2021-33621
Low
2023-04-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895