Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Email/OTP verification bypass leads to Pre-Account Takeover.
S-Pankki Improper Authentication - Generic (CWE-287)
Medium
2022-02-07
Missing authentication in buddy group API of LINE TIMELINE
LY Corporation Improper Authentication - Generic (CWE-287)
Medium
2021-12-27
[jitsi-meet] Authentication Bypass when using JWT w/ public keys
8x8 Improper Authentication - Generic (CWE-287)
Medium
2021-11-20
Tokenless GUI Authentication
Kubernetes Improper Authentication - Generic (CWE-287)
Medium
2021-11-04
Authentication Bypass & ApacheTomcat Misconfiguration in [██]
8x8 Improper Authentication - Generic (CWE-287)
Medium
2021-11-04
pam_ussh does not properly validate the SSH certificate authority
Uber Improper Authentication - Generic (CWE-287)
Medium
2021-07-21
your-store.myshopify.com preview link is leak on third party website lead to preview all action from store owner Without store Password.
Shopify Improper Authentication - Generic (CWE-287)
Medium
2021-07-12
Federated shares are not password protected
Nextcloud Improper Authentication - Generic (CWE-287)
Medium
2021-06-16
HackerOne Jira integration plugin Leaked JWT to unauthorized jira users
HackerOne Improper Authentication - Generic (CWE-287)
Medium
2021-04-01
Misconfigured AWS S3 bucket leaks senstive data such of admin, Prdouction,beta, localhost and many more directories....
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Medium
2021-03-24
CVE 2020 14179 on jira instance
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Medium
2021-02-18
email verification bypass
Algolia Improper Authentication - Generic (CWE-287)
Medium
2021-02-18
Remote hacker can download all the files of master branch in public projects where everything is members only.
GitLab Improper Authentication - Generic (CWE-287)
Medium
2021-02-15
Bypass Password Authentication to Update the Password
X / xAI Improper Authentication - Generic (CWE-287)
Medium
2021-02-12
Register with non accepted email types on https://███████
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Medium
2021-02-10
Able to upload backgrounds before entering 2FA
CS Money Improper Authentication - Generic (CWE-287)
Medium
2021-02-03
loing in to marketplace panel on enablement.informatica.com
Informatica Improper Authentication - Generic (CWE-287)
Medium
2021-01-20
Subdomain Takeover Via via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io
Kubernetes Improper Authentication - Generic (CWE-287)CVE-2017-14389
Medium
2020-11-29
PIN for passwordless WebAuthn is asked for but not verified
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2020-8236
Medium
2020-10-28
[cs.money] Open Redirect Leads to Account Takeover
CS Money Improper Authentication - Generic (CWE-287)
Medium
2020-09-30
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895