Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file
Nextcloud Violation of Secure Design Principles (CWE-657)CVE-2020-8133
Low
2020-11-05
XSS Stored via Upload avatar PNG [HTML] File in accounts.shopify.com
Shopify Violation of Secure Design Principles (CWE-657)
Low
2020-08-30
Recently added 'Country' field doesn't send email notification when changed
HackerOne Violation of Secure Design Principles (CWE-657)
Low
2020-08-25
Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter
Eternal Violation of Secure Design Principles (CWE-657)
Low
2020-08-08
Subdomain Takeover of multiple *.ttcdn.co domains
Shopify Violation of Secure Design Principles (CWE-657)
Low
2020-07-14
insecure redirect in https://www.rockstargames.com
Rockstar Games Violation of Secure Design Principles (CWE-657)
Low
2020-06-12
[www.drive2.ru] There is no rate limit for comments endpoints.
DRIVE.NET, Inc. Violation of Secure Design Principles (CWE-657)
Low
2020-06-08
Error Page Content Spoofing or Text Injection
Smule Violation of Secure Design Principles (CWE-657)
Low
2020-06-03
IDOR leading to downloading of any attachment
BCM Messenger Violation of Secure Design Principles (CWE-657)
Low
2020-04-11
Arbitrary Set-Cookie via "?coupon=" due to semi-colon not encoded
Nord Security Violation of Secure Design Principles (CWE-657)
Low
2020-04-03
Username and Access Token Disclousure
Nextcloud Violation of Secure Design Principles (CWE-657)CVE-2019-15611
Low
2020-03-01
Tabnabbing in template comments - stripo.email
Stripo Inc Violation of Secure Design Principles (CWE-657)
Low
2020-01-31
Follow by email allows for following by unverified emails
Automattic Violation of Secure Design Principles (CWE-657)
Low
2020-01-14
previous token seems to work even though it does not verify email
WakaTime Violation of Secure Design Principles (CWE-657)
Low
2019-11-27
Linux Desktop application slack executable does not use pie / no ASLR
Slack Violation of Secure Design Principles (CWE-657)
Low
2019-11-17
bypass captcha in the form forgot password
Kartpay Violation of Secure Design Principles (CWE-657)
Low
2019-11-14
Invalidate session after password reset
Liberapay Violation of Secure Design Principles (CWE-657)
Low
2019-11-05
Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass
Brave Software Violation of Secure Design Principles (CWE-657)
Low
2019-09-12
Content Spoofing /Text Injection in https://docs.nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Low
2019-09-05
Captcha protection Bypass on Forgot password page
Kartpay Violation of Secure Design Principles (CWE-657)
Low
2019-08-05
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895