Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
3
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
SSRF & Blind XSS in Gravatar email
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-01-17
Stored XSS via Mermaid Prototype Pollution vulnerability
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-18
Stored XSS вирус в al_video.php?act=a_choose_video_box
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-05
Stored XSS в m.vk.com/video
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-05
Stored XSS in main page of a project caused by arbitrary script payload in group "Default initial branch name"
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-09-15
[Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>`
Elastic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-08-03
Improper Sanitization leads to XSS Fire on admin panel
Informatica Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-08-03
Blind Stored XSS in https://partners.acronis.com/admin which lead to sensitive information/PII leakage
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-29
Stored XSS in custom emoji
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-19
Stored-XSS in merge requests
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-13
Stored XSS via Mermaid Prototype Pollution vulnerability
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-12
Stored DOM XSS via Mermaid chart
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-07-12
Post-Auth Stored XSS with User Interaction leads to Remote Code Execution
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-06-30
Blind Stored XSS on https://█████████ after filling a request at https://█████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-03-11
Stored XSS through name / last name on https://██████████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-03-11
[First 30] Stored XSS on login.uber.com/oauth/v2/authorize via redirect_uri parameter
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-25
Stored XSS in wordpress.com
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-17
Stored XSS in Intense Debate comment system
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-14
Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-10
Stored XSS at https://www.█████████.mil
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-01
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239