Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,224
CVE-linked
1,856
Programs
342
New This Week
5
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
stripo.email reflected xss
Stripo Inc Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-26
Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-12
Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-12
CSS injection in avito.ru via IE11
Avito Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-12
Reflected XSS in https://lite.pubg.com
PUBG Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2019-12-09
Reflected XSS in pubg.com
PUBG Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2019-12-09
The URL in "Choose a data source'' at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS.
OWOX, Inc. Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2019-12-09
Reflected XSS
OWOX, Inc. Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2019-12-09
Unauthenticated reflected XSS in preview_as_user function
Concrete CMS Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-06
[█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-02
[██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-02
[███████] Reflected GET XSS (/mission.php?...&missionDate=*)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-02
Corda Server XSS ████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-02
Reflected XSS
Bumble Cross-site Scripting (XSS) - Reflected (CWE-79)
Critical
2019-11-21
Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-11-13
A reflected XSS in python/Lib/DocXMLRPCServer.py
Internet Bug Bounty Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2019-16935
Medium
2019-10-19
Reflected cross-site scripting on multiple Starbucks assets.
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2019-10-16
Reflective Cross-site Scripting via Newsletter Form
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2019-10-11
XSS while logging using Google
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
Unknown
2019-09-11
Xss on community.imgur.com
Imgur Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-09-03
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl442
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239