Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,219

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: security✕

File Name Enumeration

HackerOne Information Disclosure (CWE-200)

Unknown

2014-11-17

No email verification on username change

HackerOne Information Disclosure (CWE-200)

Unknown

2014-11-17

Window Opener Property Bug

HackerOne

Unknown

2014-10-28

Redirect FILTER bypass in report/comment

HackerOne Open Redirect (CWE-601)

Unknown

2014-10-19

Ability to see common response titles of other teams (limited)

HackerOne Information Disclosure (CWE-200)

Unknown

2014-10-15

homograph attack. IDNs displayed in unicode in bug reports and on external link warning page

HackerOne Violation of Secure Design Principles (CWE-657)

Unknown

2014-10-09

Enumeration of users

HackerOne Violation of Secure Design Principles (CWE-657)

Unknown

2014-10-03

Password Reset Bug

HackerOne Violation of Secure Design Principles (CWE-657)

Unknown

2014-09-25

Change Any username and profile link in hackerone

HackerOne Privilege Escalation (CAPEC-233)

Unknown

2014-09-25

Redirect while opening links in new tabs

HackerOne Open Redirect (CWE-601)

Unknown

2014-09-12

Notification of previous signed out user leakage.

HackerOne Information Disclosure (CWE-200)

Unknown

2014-09-01

Email changing

HackerOne

Unknown

2014-08-28

Account Hijacking (Only rare case scenario)