Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,250
CVE-linked
1,864
Programs
343
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Reflected XSS vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-07-05
Stored cross site scripting (XSS) vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-23
Reflected cross-site scripting (XSS) vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-23
Reflective XSS vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-23
Reflected XSS vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-23
Cross-site request forgery (CSRF) vulnerability in a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-23
Reflected XSS vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-16
DOM Based XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-16
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-16
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-16
DOM XSS vulnerability in search dialogue (NC-SA-2017-007)
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2017-0890
Low
2017-06-07
Stored XSS in Gallery application (NC-SA-2017-010)
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2017-0893
Low
2017-06-06
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-01
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-01
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-06-01
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-31
Stored XSS in Adress Book (starbucks.com/account/profile)
Starbucks Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-31
XSS at in instacart.com/store/partner_recipe
Instacart Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-30
HTML injection in Desktop Client
ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-23
Self XSS at translation page through Editor Link at demo.weblate.org
Weblate Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-05-17
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl459
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239