Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
5
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Race condition in User comments Likes
Eternal Violation of Secure Design Principles (CWE-657)
Low
2022-02-09
Misconfiguration in build environment allows DLL preloading attack
Monero
Low
2022-01-29
Cross site scripting via file upload in subdomain ads.tiktok.com
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2022-01-25
Prototype pollution via console.table properties
Node.js Modification of Assumed-Immutable Data (MAID) (CWE-471)CVE-2022-21824
Low
2022-01-11
ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT
Mattermost Violation of Secure Design Principles (CWE-657)CVE-2021-37862
Low
2022-01-05
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
8x8 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
Low
2022-01-05
OPEN REDIRECT
Nutanix Open Redirect (CWE-601)
Low
2022-01-04
%0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)]
Acronis Uncontrolled Resource Consumption (CWE-400)
Low
2022-01-04
Bot setting information leakage in OpenChat room
LY Corporation Improper Access Control - Generic (CWE-284)
Low
2021-12-27
Xss At Shopify Email App
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2021-12-24
Reflected Cross-Site Scripting/HTML Injection
Informatica Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2021-12-17
Broken Link Takeover from kubernetes.io docs
Kubernetes Improper Access Control - Generic (CWE-284)
Low
2021-12-16
Weak rate limit could lead to ATO due to weak password protection mechanisms
Reddit Improper Restriction of Authentication Attempts (CWE-307)
Low
2021-12-15
[dubsmash] Username and password bruteforce
Reddit Improper Restriction of Authentication Attempts (CWE-307)
Low
2021-12-13
No Rate limit on change password leads to account takeover
Reddit Improper Restriction of Authentication Attempts (CWE-307)
Low
2021-12-13
Username disclosure at Main Domain
Sifchain Information Disclosure (CWE-200)
Low
2021-12-09
Design Issues at Main Domain
Sifchain Violation of Secure Design Principles (CWE-657)
Low
2021-12-09
Wrong Implementation of Url in https://docs.sifchain.finance/
Sifchain Misconfiguration (CWE-16)
Low
2021-12-09
Wrong Url in Main page of sifchain.finance
Sifchain Misconfiguration (CWE-16)
Low
2021-12-09
Clickjacking
Sifchain UI Redressing (Clickjacking) (CAPEC-103)
Low
2021-12-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239