Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Web Cache Poisoning on █████
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
High
2021-06-03
Origin IP found, Cloudflare bypassed
CS Money Violation of Secure Design Principles (CWE-657)
Medium
2021-03-30
Over-Privileged API Credentials for Elastic Agent
Elastic Violation of Secure Design Principles (CWE-657)
Medium
2021-03-29
Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
HackerOne Violation of Secure Design Principles (CWE-657)
Medium
2021-03-25
Failure to Invalid Session after Password Change
Liberapay Violation of Secure Design Principles (CWE-657)
Low
2021-03-12
RDR2 game service method allows adding any player to a new Posse without consent
Rockstar Games Violation of Secure Design Principles (CWE-657)
Medium
2021-02-23
DNS Setup allows sending mail on behalf of other customers
Basecamp Violation of Secure Design Principles (CWE-657)
Medium
2021-02-21
Arbitrary file upload and stored XSS via ███ support request
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
High
2021-02-18
User password left in memory in plain text after GUI launch
Nord Security Violation of Secure Design Principles (CWE-657)
Low
2021-01-24
Access Token Smuggling from my.playstation.com via Referer Header
PlayStation Violation of Secure Design Principles (CWE-657)
High
2021-01-12
Email Verification bypass on signup
Automattic Violation of Secure Design Principles (CWE-657)
High
2020-12-03
On Singing up with a Phone number , The 4 digit OTP does not expires for a long time leading to an easy attack and make a verified account easilty
Bumble Violation of Secure Design Principles (CWE-657)
High
2020-11-25
Authorization Token on PlayStation Network Leaks via postMessage function
PlayStation Violation of Secure Design Principles (CWE-657)
High
2020-11-21
Session misconfiguration on change password feature at https://apps-staging.pingone.com/myaccount/?environmentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#
Ping Identity Violation of Secure Design Principles (CWE-657)
Low
2020-11-16
Possibility to freeze/crash the host system of all Slack Desktop users easily
Slack Violation of Secure Design Principles (CWE-657)
Low
2020-11-10
No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org
Brave Software Violation of Secure Design Principles (CWE-657)
Low
2020-11-09
Broken Authentication and Session Management Flaw After Change Password and Logout
Omise Violation of Secure Design Principles (CWE-657)
Low
2020-11-08
Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file
Nextcloud Violation of Secure Design Principles (CWE-657)CVE-2020-8133
Low
2020-11-05
weak password poilicy in signup password leak to account takeover
Stripo Inc Violation of Secure Design Principles (CWE-657)
None
2020-10-16
Email flooding using user invitation feature in biz.yelp.com due to lack of rate limiting
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-09-29
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895