Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
9
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Dangling DNS Record docs.jitsi.net (unsuccessful GSuite takeover)
8x8 Violation of Secure Design Principles (CWE-657)
Low
2023-04-03
the complete server installation path is visible in cloud/user endpoint
Nextcloud Improper Removal of Sensitive Information Before Storage or Transfer (CWE-212)CVE-2023-28834
Low
2023-03-30
Insecure randomness for default password in file sharing when password policy app is disabled
Nextcloud Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)CVE-2023-28835
Low
2023-03-30
iOS group chat denial of service
LY Corporation Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Low
2023-03-29
Stored XSS Via Filename On https://partners.line.me/
LY Corporation Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2023-03-28
Debugging panel exposure
LY Corporation Improper Access Control - Generic (CWE-284)
Low
2023-03-28
speedtest.8x8.com: Enabled Directory Listing
8x8 Information Exposure Through Directory Listing (CWE-548)
Low
2023-03-28
Bypassing creation of API tokens without email verification
Cloudflare Public Bug Bounty Improper Authentication - Generic (CWE-287)
Low
2023-03-27
Bypassing Whitelist to perform SSRF for internal host scanning
U.S. Department of State Server-Side Request Forgery (SSRF) (CWE-918)
Low
2023-03-24
CVE-2023-27537: HSTS double-free
Internet Bug Bounty Double Free (CWE-415)CVE-2023-27537
Low
2023-03-23
CVE-2023-27538: SSH connection too eager reuse still
curl Authentication Bypass by Primary Weakness (CWE-305)CVE-2023-27538
Low
2023-03-22
CVE-2023-27536: GSS delegation too eager connection re-use
curl Authentication Bypass by Primary Weakness (CWE-305)CVE-2023-27536
Low
2023-03-22
CVE-2023-27534: SFTP path ~ resolving discrepancy
curl Path Traversal (CWE-22)CVE-2023-27534
Low
2023-03-22
CVE-2023-27533: Telnet option IAC injection
curl Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)CVE-2023-27533
Low
2023-03-22
CVE-2023-27536: GSS delegation too eager connection re-use
Internet Bug Bounty Business Logic Errors (CWE-840)CVE-2023-27536
Low
2023-03-20
CVE-2023-27534: SFTP path ~ resolving discrepancy
Internet Bug Bounty Business Logic Errors (CWE-840)CVE-2023-27534
Low
2023-03-20
CVE-2023-27533: TELNET option IAC injection
Internet Bug Bounty Business Logic Errors (CWE-840)CVE-2023-27533
Low
2023-03-20
CVE-2023-27537: HSTS double-free
curl Double Free (CWE-415)CVE-2023-27537
Low
2023-03-20
Regular Expression Denial of Service in Headers
Node.js Uncontrolled Resource Consumption (CWE-400)
Low
2023-03-19
Insecure loading of ICU data through ICU_DATA environment variable
Node.js CVE-2023-23920
Low
2023-03-19
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895