Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports: 12,262
CVE-linked: 1,866
Programs: 343
New This Week: 0

| Report | Program | Weakness | Severity | Disclosed |
|---|---|---|---|---|
| Flooding mailbox of user | HackerOne | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-30 |
| Arbitrary file uploads to Amazon WS. | HackerOne | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-26 |
| Host Header is not validated resulting in Open Redirect | IRCCloud | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-24 |
| HTTP Strict transport security policy not enabled | Respondly | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-21 |
| No Wildcard DNS | Localize | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-21 |
| Allowed method disclosure | Respondly | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-21 |
| XSRF token problem | RelateIQ | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-20 |
| Securing sensitive pages from SearchBots | HackerOne | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-20 |
| Sensitive file | Localize | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-18 |
| HttpOnly flag not set for cookie on concrete5.org | Concrete CMS | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-16 |
| Bruteforce attack in login panel | Faceless | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-15 |
| Leaking Referrer in Reset Password Link | IRCCloud | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-12 |
| Blocking yourself | Faceless | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-11 |
| User impersonation is possible with incoming webhooks | Slack | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-10 |
| CRITICAL BUG! | MS-DOS | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-04-01 |
| | | | Unknown | 2014-03-31 |
| Control Characters Not Stripped From Username on Signup | HackerOne | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-03-11 |
| Missing SPF for hackerone.com | HackerOne | Violation of Secure Design Principles (CWE-657) | Unknown | 2014-01-09 |

Most Active Programs
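
| Program | Reports | Max $ |
|---|---|---|
| U.S. Dept Of Defense | 896 | |
| Internet Bug Bounty | 817 | $2,257 |
| HackerOne | 609 | |
| Nextcloud | 584 | |
| Shopify | 465 | |
| curl | 464 | |
| Node.js third-party modules | 307 | |
| GitLab | 258 | |
| X / xAI | 250 | $7,000 |
| Uber | 239 | |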