Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: rockstargames
Blind SSRF in emblem editor (2)
Rockstar Games Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2017-10-28
Stored XSS on support.rockstargames.com
Rockstar Games Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2017-10-10
Reflected XSS in /Videos/ via calling a callback http://www.rockstargames.com/videos/#/?lb=
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-09-25
Reflected XSS in reddeadredemption Site located at www.rockstargames.com/reddeadredemption
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-09-25
Stored XSS with CRLF injection via post message to user feed
Rockstar Games Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2017-09-18
Comments Denial of Service in socialclub.rockstargames.com
Rockstar Games Code Injection (CWE-94)
Medium
2017-09-11
Stored XSS in snapmatic comments
Rockstar Games Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2017-09-05
Reflected XSS via Double Encoding
Rockstar Games Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2017-09-01
Stored XSS in profile activity feed messages
Rockstar Games Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2017-08-28
flash injection in http://www.rockstargames.com/IV/imgPlayer/imageEmbed.swf
Rockstar Games Resource Injection (CWE-99)
Medium
2017-08-25
dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass)
Rockstar Games Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2017-08-24
dom based xss in https://www.rockstargames.com/GTAOnline/
Rockstar Games Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2017-08-21
Ability to post comments to a crew even after getting kicked out
Rockstar Games Violation of Secure Design Principles (CWE-657)
Medium
2017-08-08
XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js
Rockstar Games Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2017-07-17
[IMP] - Blind XSS in the admin panel for reviewing comments
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-17
Source Code Disclosure (CGI)
Rockstar Games Information Disclosure (CWE-200)
Medium
2017-03-17
DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-17
Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-03-16
CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php'
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-03-10
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895