Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Reflected XSS in "Create Category" Functionality of Post Creation Module
MainWP Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2025-07-17
Stored Cross-Site Scripting (XSS) in "Add Contact" Name Field – MainWP Plugin
MainWP Cross-site Scripting (XSS) - Reflected (CWE-79)
Unknown
2025-07-17
Reflected XSS in "Client Notes" Field
MainWP Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2025-07-13
RXSS AT https://proze.yelp.com/tmsubscribe.net/vidsn.aspx
Yelp Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2025-06-30
[XSS] Reflected XSS via POST request in (███████)
Mars Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2025-06-12
Reflected XSS In Marketing Reports Page On *.myshopify.com/admin
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2025-04-15
XSS vulnerability found in javascript code of https://███.mil
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2025-01-24
XSS found in https://www.████████.mil
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2025-01-24
POST based Cross-Site Scripting on IBM research endpoint
IBM Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2025-01-23
[oem.acronis.com] Reflected Cross Site Scripting
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-12-28
[ CVE-2018-1000129 ] RXSS At `https://███████` via the URI
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2018-1000129
Medium
2024-12-18
XSS Reflected
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-12-18
RXSS on ████ via configUrl parameter
Mars Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2024-11-26
RXSS on ████ via q parameter
Mars Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2024-11-21
Reflected XSS in https://www.acronis.com/products/cyber-protect/trial/
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2024-11-20
RXSS in ███ via S parameter
Mars Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-11-19
Reflected XSS on formaction parameter
Mars Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-11-19
Potential XSS in redirect_url Parameter
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-11-06
Reflected - XSS
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2024-10-21
Reflected XSS in https://nin.mtn.ng/nin/success?message=lol&nin=<VULNERABLE>
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
Critical
2024-10-05
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895