Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,231
CVE-linked
1,858
Programs
342
New This Week
12
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: deptofdefense
Sensitive Information Leaking Through Navy Website. [█████]
U.S. Dept Of Defense Cleartext Storage of Sensitive Information (CWE-312)
High
2020-05-14
Sensitive Information Leaking Through DARPA Website. [█████████]
U.S. Dept Of Defense Insufficiently Protected Credentials (CWE-522)
Medium
2020-05-14
No ACL on S3 Bucket in [https://www.██████████/]
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Medium
2020-05-14
Application level DoS via xmlrpc.php
U.S. Dept Of Defense Uncontrolled Resource Consumption (CWE-400)
Medium
2020-05-14
Username&password is Disclosure in readme file in [https://█████████]
U.S. Dept Of Defense Information Disclosure (CWE-200)
High
2020-05-14
Admin Login Credential Leak for DoD Gitlab EE instance
U.S. Dept Of Defense Information Disclosure (CWE-200)
High
2020-05-14
Unencrypted __VIEWSTATE parameter in a DoD website
U.S. Dept Of Defense Cryptographic Issues - Generic (CWE-310)
Medium
2020-05-14
Padding Oracle ms10-070 in the a DoD website (https://██████/)
U.S. Dept Of Defense Cryptographic Issues - Generic (CWE-310)
Medium
2020-05-14
Improper Neutralization of Input During Web Page Generation
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-05-14
Null byte Injection in https://████/
U.S. Dept Of Defense Improper Null Termination (CWE-170)
High
2020-05-14
Bypassing CORS Misconfiguration Leads to Sensitive Exposure
U.S. Dept Of Defense Business Logic Errors (CWE-840)
Medium
2020-05-14
CORS Misconfiguration Leads to Exposing User Data
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
High
2020-05-14
idor on upload profile functionality
U.S. Dept Of Defense Insecure Direct Object Reference (IDOR) (CWE-639)
High
2020-05-14
Publicly accessible Grafana install allows pivoting to Prometheus datasource
U.S. Dept Of Defense Information Disclosure (CWE-200)
High
2020-05-14
Reflected cross-site scripting vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2020-05-14
Followup - SQL Injection - https://██████████/██████/MSI.portal
U.S. Dept Of Defense SQL Injection (CWE-89)
High
2020-05-14
SQL Injection - https://███/█████████/MSI.portal
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2020-05-14
Internal IP Address Disclosed
U.S. Dept Of Defense Information Disclosure (CWE-200)
Medium
2020-05-14
[https://███] Local File Inclusion via graph.php
U.S. Dept Of Defense Path Traversal (CWE-22)
Medium
2020-05-14
Firewall rules for ████████ can be bypassed to leak site authors
U.S. Dept Of Defense Information Disclosure (CWE-200)
Medium
2020-05-14
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl447
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239