Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
unsanitized input goes to regex function leads to ReDos that make request hangs
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)
Low
2023-08-28
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-44570
Low
2023-07-27
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-44571
Low
2023-07-27
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-44572
Low
2023-07-27
[CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2023-22796
Low
2023-07-27
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2023-22799
Low
2023-07-27
node.js process aborts when processing x509 certs with invalid public key information
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2023-30588
Medium
2023-07-20
RDoc::MethodAttr is vulnerable to Regular Expression Denial of Service (ReDoS)
Ruby Uncontrolled Resource Consumption (CWE-400)
Low
2023-07-18
Possible DOS in app with crashing `exceptions_app`
Ruby on Rails Uncontrolled Resource Consumption (CWE-400)
Medium
2023-06-28
Maliciously crafted message can cause Rocket.Chat server to stop responding
Rocket.Chat Uncontrolled Resource Consumption (CWE-400)CVE-2023-28356
Medium
2023-05-09
Reference fetch can saturate the server bandwidth for 10 seconds
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2023-28644
Medium
2023-04-29
Possible DoS Vulnerability in Multipart MIME parsing in rack
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)
Low
2023-04-27
CVE-2023-28755: ReDoS vulnerability in URI
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2023-28755
Medium
2023-04-26
ReDoS( Ruby, Time)
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2023-28756
High
2023-04-26
CVE-2018-6389 exploitation - using scripts loader
Fastly VDP Uncontrolled Resource Consumption (CWE-400)CVE-2018-6389
Low
2023-04-20
WordPress application vulnerable to DoS attack via wp-cron.php
U.S. Dept Of Defense Uncontrolled Resource Consumption (CWE-400)
Critical
2023-04-14
DoS at █████(CVE-2018-6389)
U.S. Dept Of Defense Uncontrolled Resource Consumption (CWE-400)CVE-2018-6389
Critical
2023-03-24
Potential DoS vulnerability in Django in multipart parser
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2023-24580
Medium
2023-03-20
Regular Expression Denial of Service in Headers
Node.js Uncontrolled Resource Consumption (CWE-400)
Low
2023-03-19
JSON RPC methods for debugging enabled by default allow DoS
Rootstock Labs Uncontrolled Resource Consumption (CWE-400)
Medium
2023-02-27
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895