Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Snooping into messages via email service
Slack Improper Authentication - Generic (CWE-287)
Unknown
2016-09-14
Reading Emails in Uber Subdomains
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-09-14
Get organization info base on uuid
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-09-02
(FULL PATH DISCLOSURE) Unknown MySQL server host 'shardm-reader.chi2.shopify.io'
Shopify Improper Authentication - Generic (CWE-287)
Unknown
2016-09-01
Request Accepts without X-CSRFToken [ Header - Cookie ]
drchrono Improper Authentication - Generic (CWE-287)
Unknown
2016-08-31
Reset Link Issue
Gratipay Improper Authentication - Generic (CWE-287)
None
2016-08-30
Business logic Failure - Browser cache management and logout vulnerability in Certly
Certly Improper Authentication - Generic (CWE-287)
Unknown
2016-08-29
Email spoofing-fake mail from your mail domain server
Legal Robot Improper Authentication - Generic (CWE-287)
Unknown
2016-08-27
Bypass verification of email while creating account(No rate limiting enable for verification code)
MapLogin Improper Authentication - Generic (CWE-287)
Unknown
2016-08-25
Email Spoofing With Your Website's Email
Paragon Initiative Enterprises Improper Authentication - Generic (CWE-287)
Unknown
2016-08-24
Wordpress Vulnerabilities in transparencyreport.uber.com and eng.uber.com domains
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-08-24
auto-logout after 20 minutes
Gratipay Improper Authentication - Generic (CWE-287)
Low
2016-08-23
Urgent : Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass)
X / xAI Improper Authentication - Generic (CWE-287)
Unknown
2016-08-22
Broken authentication and session management flaw
Coursera Improper Authentication - Generic (CWE-287)
Unknown
2016-08-18
[IODR] Get business trip via organization id
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-08-15
[CRITICAL] -- Complete Account Takeover
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-08-15
Source code leakage through GIT web access at host '52.91.137.42'
Slack Improper Authentication - Generic (CWE-287)
Unknown
2016-08-15
Bypassing Digits web authentication's host validation with HPP
X / xAI Improper Authentication - Generic (CWE-287)
Unknown
2016-08-12
Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181
Shopify Improper Authentication - Generic (CWE-287)
Unknown
2016-08-08
Critical : Access to group videos where videos are restricted for all users(Broken authentication )
ok.ru Improper Authentication - Generic (CWE-287)
Unknown
2016-08-01
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895