Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
5
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Signature Verification /// golang.org/x/crypto/ssh
Sifchain Cryptographic Issues - Generic (CWE-310)
High
2021-12-09
Recaptcha Secret key Leaked
Paragon Initiative Enterprises Information Disclosure (CWE-200)
High
2021-12-04
Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces
Kubernetes Privilege Escalation (CAPEC-233)
High
2021-12-04
Non privileged user is able to approve his own app himself leading to mass privilege escalations.
Lark Technologies Privilege Escalation (CAPEC-233)
High
2021-11-20
Stored XSS via Mermaid Prototype Pollution vulnerability
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-18
Social Club Account Takeover Via RGL And Steam/Epic Linked Account
Rockstar Games Privilege Escalation (CAPEC-233)
High
2021-11-17
Leak of Google Sheets API credentials
Azbuka Vkusa Cleartext Transmission of Sensitive Information (CWE-319)
High
2021-11-15
Corporate Jira credentials disclosed in public gist
Azbuka Vkusa Information Disclosure (CWE-200)
High
2021-11-15
IDOR - Other user's delivery address disclosed
Azbuka Vkusa Insecure Direct Object Reference (IDOR) (CWE-639)
High
2021-11-15
Unauthorized access to employee panel with default credentials.
U.S. General Services Administration Authentication Bypass Using an Alternate Path or Channel (CWE-288)
High
2021-11-13
Загружаем видеозаписи в основной альбом любой открытой группе/паблику.
VK.com
High
2021-11-05
Reflected xss в m.vk.com/chatjoin
VK.com Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2021-11-05
Reflected XSS в m.vk.com
VK.com
High
2021-11-05
Stored XSS вирус в al_video.php?act=a_choose_video_box
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-05
Stored XSS в m.vk.com/video
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-05
AWS subdomain takeover of www.███████
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
High
2021-10-28
Misuse of groups feature allows workspace members to join private channels without being invited
Slack Improper Access Control - Generic (CWE-284)
High
2021-10-21
GPS metadata preserved when converting HEIF to PNG
Reddit Privacy Violation (CWE-359)
High
2021-10-21
critical file found etc/passwd on www.reddit.com
Reddit Information Disclosure (CWE-200)
High
2021-10-21
Deleting all DMs on RedditGifts.com
Reddit Insecure Direct Object Reference (IDOR) (CWE-639)
High
2021-10-21
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239