Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,232
CVE-linked
1,859
Programs
342
New This Week
12
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
CSRF - Close Account
U.S. Dept Of Defense Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-06-11
CSRF - Modify Company Info
U.S. Dept Of Defense Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-06-11
CSRF in Profile Fields allows deleting any field in BuddyPress
WordPress Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-05-22
CSRF on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Lab45 Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-05-12
CSRF on https://apps.topcoder.com/wiki/users/editmyprofile.action
Lab45 Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-05-12
CSRF on https://apps.topcoder.com/wiki/users general and email preferences
Lab45 Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-05-12
CSRF on connecting Paypal as Payment Provider
Shopify Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-04-10
[www.drive2.ru] CSRF through FCTX token bypass
DRIVE.NET, Inc. Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-03-31
XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique
Stripo Inc Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-03-25
Cross Site Request Forgery in auth in https://auth.ratelimited.me/
RATELIMITED Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-02-21
csrf bypass using flash file + 307 redirect method at plugins endpoint
Stripo Inc Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-02-10
CSRF in generating developer api_key
Magic Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-11-01
login csrf in analytics.mopub.com
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-10-02
Vulnerable W3 Total Cache plugin version in use on nextcloud.com
Nextcloud Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-06-21
Authenticated Cross-Site-Request-Forgery
Semmle Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-03-19
CSRF on https://www.niche.co leads to "account disconnection"
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-03-02
CSRF and probable account takeover on https://www.niche.co
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-02-28
CSRF Add user templates
Mavenlink Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-02-27
Facebook OAuth Code Theft through referer leakage on support.rockstargames.com
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-02-19
XSSI on refer.xoom.com allows stealing email addresses and posting to Twitter on behalf of victim
PayPal Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-02-07
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud583
Shopify464
curl447
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239