Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: gratipay
prevent content spoofing on /~username/emails/verify.html
Gratipay Violation of Secure Design Principles (CWE-657)
Unknown
2017-07-10
SSl Weak Ciphers
Gratipay Cryptographic Issues - Generic (CWE-310)
Low
2017-07-10
Insecure Transportation Security Protocol Supported (TLS 1.0)
Gratipay Violation of Secure Design Principles (CWE-657)
Unknown
2017-07-10
self cross site scripting
Gratipay Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-07-10
Possible User Session Hijack using Invalid HTTPS certificate on inside.gratipay.com domain
Gratipay Violation of Secure Design Principles (CWE-657)
Medium
2017-06-24
Possible user session hijack by invalid HTTPS certificate on inside.gratipay.com domain
Gratipay Violation of Secure Design Principles (CWE-657)
Low
2017-06-21
CSP Policy Bypass and javascript execution Still Not Fixed
Gratipay
None
2017-06-19
CSP Policy Bypass and javascript execution
Gratipay
Unknown
2017-06-18
Email Spoofing
Gratipay Violation of Secure Design Principles (CWE-657)
Unknown
2017-06-17
limit number of images in statement
Gratipay Violation of Secure Design Principles (CWE-657)
Medium
2017-06-16
Prevent content spoofing on /~username/emails/verify.html
Gratipay Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-06-16
X-Content-Type Header Missing For aspen.io
Gratipay Violation of Secure Design Principles (CWE-657)
Unknown
2017-06-15
change bank account numbers
Gratipay Information Disclosure (CWE-200)
Medium
2017-06-12
Gratipay Website CSP "script-scr" includes "unsafe-inline"
Gratipay HTTP Request Smuggling (CWE-444)
Low
2017-05-25
nginx version disclosure on downloads.gratipay.com
Gratipay Information Disclosure (CWE-200)
Unknown
2017-05-18
Unauthorized access to the slack channel via inside.gratipay.com/appendices/chat
Gratipay Improper Authentication - Generic (CWE-287)
None
2017-05-09
Harden resend throttling
Gratipay Violation of Secure Design Principles (CWE-657)
Medium
2017-04-16
POODLE SSLv3.0
Gratipay
None
2017-04-09
Transferring incorrect data to the http://gip.rocks/v1 endpoint with correct Content-Type leads to local paths disclosure through the error message
Gratipay Information Exposure Through an Error Message (CWE-209)
Low
2017-04-08
HTTP trace method is enabled on gip.rocks
Gratipay Violation of Secure Design Principles (CWE-657)
Medium
2017-04-08
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895