Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
3
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Authentication & Registration Bypass in Newspack Extended Access
Automattic Improper Authentication - Generic (CWE-287)
Medium
2024-05-20
LLM01: Invisible Prompt Injection
HackerOne LLM01: Prompt Injection
Medium
2024-05-13
Possible PII Disclosure via Advanced Vetting Process - ██████
HackerOne Information Disclosure (CWE-200)
Medium
2024-05-13
Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File
X / xAI Information Disclosure (CWE-200)
Medium
2024-05-10
Ability to see hidden likes
X / xAI Improper Access Control - Generic (CWE-284)
Medium
2024-05-10
IDOR - Leaking of team data (name, email, ID, member ID) via POST /api/v1/graphql `FetchMemberships` operation
Tools for Humanity Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2024-05-09
Member role which doesn't have permission to send message can send by executing channel commands
Mattermost Improper Access Control - Generic (CWE-284)
Medium
2024-05-08
XSS in Aspera documentation website
IBM Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2024-05-06
Reflected XSS via Keycloak on ███ [CVE-2021-20323]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-20323
Medium
2024-05-03
reflected xss [CVE-2020-3580]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2024-05-03
Reflected Cross-site Scripting via search query on ██████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-05-03
Reflected XSS on error message on Login Page
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-05-03
Reflected XSS via Moodle on ███ [CVE-2022-35653]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2022-35653
Medium
2024-05-03
SQL injection on ██████████ via 'where' parameter
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2024-05-03
HTTP Request Smuggling via Content Length Obfuscation
Node.js HTTP Request Smuggling (CWE-444)CVE-2024-27982
Medium
2024-05-03
Code exec on Github runner via Pull request name
Linux Foundation Decentralized Trust Code Injection (CWE-94)
Medium
2024-04-28
CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID(2.0) is in use as AUTH_TYPE
Internet Bug Bounty Improper Authentication - Generic (CWE-287)CVE-2024-25128
Medium
2024-04-28
CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-27351
Medium
2024-04-28
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-27316
Medium
2024-04-24
RXSS in hidden parameter
IBM Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-04-23
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239