Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: ibb
Pause-based desync in Apache HTTPD
Internet Bug Bounty HTTP Request Smuggling (CWE-444)
High
2022-08-25
Node.js - DLL Hijacking on Windows
Internet Bug Bounty Untrusted Search Path (CWE-426)
High
2022-07-25
Undici ProxyAgent vulnerable to MITM
Internet Bug Bounty Improper Certificate Validation (CWE-295)
High
2022-07-13
CVE-2022-28738: Double free in Regexp compilation
Internet Bug Bounty Double Free (CWE-415)CVE-2022-28738
High
2022-05-28
Read and write beyond bounds in mod_sed
Internet Bug Bounty Heap Overflow (CWE-122)CVE-2022-23943
High
2022-04-14
CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs
Internet Bug Bounty Command Injection - Generic (CWE-77)CVE-2022-24288
High
2022-04-01
Time-of-check to time-of-use vulnerability in the std::fs::remove_dir_all() function of the Rust standard library
Internet Bug Bounty Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)CVE-2022-21658
High
2022-03-24
Regexes with large repetitions on empty sub-expressions take a very long time to parse
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-24713
High
2022-03-22
Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
Internet Bug Bounty Reliance on Cookies without Validation and Integrity Checking in a Security Decision (CWE-784)CVE-2021-41819CVE-2020-8184
High
2022-02-03
Buffer overflow in req_parsebody method in lua_request.c
Internet Bug Bounty Heap Overflow (CWE-122)CVE-2021-44790
High
2022-01-04
CVE-2021-3711: SM2 decrypt buffer overflow
Internet Bug Bounty Classic Buffer Overflow (CWE-120)CVE-2021-3711
High
2021-09-27
Basic Authentication Heap Overflow
Internet Bug Bounty Heap Overflow (CWE-122)CVE-2019-12527
High
2021-08-26
Squid leaks previous content from reusable buffer
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2019-12528
High
2021-08-26
Cache Poisoning
Internet Bug Bounty Improper Handling of URL Encoding (Hex Encoding) (CWE-177)CVE-2019-12520CVE-2019-12524
High
2021-08-26
Buffer overflow in PyCArg_repr in _ctypes/callproc.c for Python 3.x to 3.9.1
Internet Bug Bounty Classic Buffer Overflow (CWE-120)CVE-2021-3177
High
2021-08-25
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print()
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2017-13033
High
2021-08-22
CVE-2017-13050: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print()
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2017-13050
High
2021-08-22
CVE-2017-13019: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print()
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2017-13019
High
2021-08-22
CVE-2020-9383 Floppy OOB read
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2020-9383
High
2021-08-22
Buffer Overflow in ext_lm_group_acl helper
Internet Bug Bounty Classic Buffer Overflow (CWE-120)CVE-2020-8517
High
2021-07-28
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895