Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
XSS Reflected on my_report
Semrush Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2019-06-21
Reflected XSS
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2019-05-28
[0.vk.com] Reflected XSS на странице подтверждения.
VK.com Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2019-05-10
[theacademy.upserve.com] Reflected XSS Query-String
Upserve Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-10-19
Reflected XSS on developers.zomato.com
Eternal Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-10-05
Reflected xss on theacademy.upserve.com
Upserve Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-09-28
Post Based XSS On Upload Via CK Editor [semrush.com]
Semrush Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-08-17
xss - reflected
WordPress Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-07-24
XSS on redirection page( Bypassed)
Semrush Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-06-13
Authenticated reflected XSS on liberapay.com via the back_to parameter when leaving a team.
Liberapay Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-06-02
[Zomato's Blog] POST based XSS on https://www.zomato.com/blog/wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=8.2
Eternal Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-04-26
Zomato.com Reflected Cross Site Scripting
Eternal Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-04-08
XSS through `__e2e_action_id` delivered by JSONP
Quora Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-03-08
Reflected Cross-site Scripting Vulnerability via JSON Error Message
Inflection Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-02-09
[redis-commander] Reflected SWF XSS via vulnerable "clipboard.swf" component
Node.js third-party modules Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-01-23
Reflected XSS vulnerability in Database name field on installation screen
Concrete CMS Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-01-20
Reflected XSS using Header Injection
Semrush Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2018-01-18
Self-XSS in password reset functionality
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2017-11-10
XSS Vulnerability in WooCommerce Product Vendors plugin
Automattic Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2017-08-22
Reflected XSS on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2017-08-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239 $9,895