Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: vimeo
A user can add videos to other user's private groups
Vimeo Privilege Escalation (CAPEC-233)
Unknown
2015-04-23
URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io
Vimeo Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2015-04-18
Vimeo + & Vimeo PRO Unautorised Tax bypass
Vimeo
Unknown
2015-04-18
Vimeo.com - Reflected XSS Vulnerability
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-04-08
abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video
Vimeo Privilege Escalation (CAPEC-233)
Unknown
2015-04-03
Can message users without the proper authorization
Vimeo Improper Authentication - Generic (CWE-287)
Unknown
2015-04-01
Bypassing Email verification
Vimeo
Unknown
2015-03-29
CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to `Videos` of Channel whose privacy is set to `Private`.
Vimeo Privilege Escalation (CAPEC-233)
Unknown
2015-03-18
subdomain takeover 1511493148.cloud.vimeo.com
Vimeo Violation of Secure Design Principles (CWE-657)
Unknown
2015-03-13
A user can post comments on other user's private videos
Vimeo Privilege Escalation (CAPEC-233)
Unknown
2015-03-11
A user can edit comments even after video comments are disabled
Vimeo Privilege Escalation (CAPEC-233)
Unknown
2015-03-11
player.vimeo.com - Reflected XSS Vulnerability
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-03-09
Vimeo.com - reflected xss vulnerability
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-03-09
Full account takeover via Add a New Email to account without email verified and without password confirmation.
Vimeo Violation of Secure Design Principles (CWE-657)
Unknown
2015-03-06
Poodle bleed vulnerability in cloud sub domain
Vimeo Cryptographic Issues - Generic (CWE-310)
Unknown
2015-03-05
Ability to Download Music Tracks Without Paying (Missing permission check on`/musicstore/download`)
Vimeo Improper Authentication - Generic (CWE-287)
Unknown
2015-03-01
Adding profile picture to anyone on Vimeo
Vimeo Violation of Secure Design Principles (CWE-657)
Unknown
2015-02-26
Vimeo.com Insecure Direct Object References Reset Password
Vimeo Improper Authentication - Generic (CWE-287)
Unknown
2015-02-26
XSS on any site that includes the moogaloop flash player | deprecated embed code
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-02-22
profile photo update bypass
Vimeo Privilege Escalation (CAPEC-233)
Unknown
2015-02-17
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895