Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
coinbase Email leak while sending and requesting
Coinbase Improper Authentication - Generic (CWE-287)
Low
2016-10-11
bug
Veris Improper Authentication - Generic (CWE-287)
Unknown
2016-10-10
Access to internal CMS containing private Data
Yelp Improper Authentication - Generic (CWE-287)
Unknown
2016-10-07
Add signature to transactions without any permission
Shopify Improper Authentication - Generic (CWE-287)
Unknown
2016-10-07
All Plugins - Direct file access to plugin files Vulnerability
Ian Dunn Improper Authentication - Generic (CWE-287)
Unknown
2016-10-06
CORS (Cross-Origin Resource Sharing)
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-10-05
Password Reset emails missing TLS leads account takeover
RubyGems Improper Authentication - Generic (CWE-287)
Unknown
2016-10-04
[CRITICAL]-Taking over entire subdomain of romit.io
Enter Improper Authentication - Generic (CWE-287)
Unknown
2016-10-03
missing SPF for legalrobot.com
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-09-25
SPF Issue
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-09-25
SSL Issue on legalrobot.com
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-09-25
Password Reset Link issue
Nextcloud Improper Authentication - Generic (CWE-287)
Unknown
2016-09-23
Access to Splunk via shard3-db2.ec2.shopify.com endpoint
Shopify Improper Authentication - Generic (CWE-287)
Unknown
2016-09-19
No valid SPF record
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-09-19
Rate limiting on Email confirmation link
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-09-19
shopper login_code's can be brute forced
Instacart Improper Authentication - Generic (CWE-287)
Unknown
2016-09-17
NON VALIDATION OF SESSIONS AFTER PASSWORD CHANGE
Udemy Improper Authentication - Generic (CWE-287)
Unknown
2016-09-16
- Guessing registered users in legalrobot.com
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-09-16
Rate limiting on password reset links
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-09-16
Generate new Test token
Slack Improper Authentication - Generic (CWE-287)
Unknown
2016-09-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895