Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,247
CVE-linked
1,864
Programs
343
New This Week
16
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Cross-site Scripting (XSS) - DOM - iqcard.informatica.com
Informatica Cross-site Scripting (XSS) - DOM (CWE-79)
High
2020-10-13
Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2019-11039
High
2020-10-12
DOS in stream filters
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2018-10546
High
2020-10-12
imagecolormatch Out Of Bounds Write on Heap
Internet Bug Bounty Memory Corruption - Generic (CWE-119)CVE-2019-6977
High
2020-10-10
Uninitialized read in exif_process_IFD_in_MAKERNOTE
Internet Bug Bounty Information Disclosure (CWE-200)CVE-2019-9638
High
2020-10-10
Invalid Read on exif_process_SOFn
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2019-9640
High
2020-10-10
Heap Buffer Overflow (READ: 4) in phar_parse_pharfile
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2018-20783
High
2020-10-10
Thailand - SNMP Publicly Accessible
Starbucks Improper Access Control - Generic (CWE-284)
High
2020-10-07
Repositories of datanucleus are fetched over insecure protocol (http insted of https)
Central Security Project Man-in-the-Middle (CWE-300)
High
2020-10-05
Bypass hide download Nextcloud Share
Nextcloud Business Logic Errors (CWE-840)
High
2020-10-05
Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties
GitLab Authentication Bypass Using an Alternate Path or Channel (CWE-288)
High
2020-10-01
Stored XSS via Comment Form at ████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2020-09-29
Recently change email but still login with old email
Nextcloud Improper Authentication - Generic (CWE-287)
High
2020-09-29
Missing server side controls when editing the board’s sharing permissions per user
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2020-8182
High
2020-09-28
[http_server] Path Traversal allowing to read any files on the server
Node.js third-party modules Path Traversal (CWE-22)
High
2020-09-24
Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2020-6506
High
2020-09-24
[hnzserver] Path Traversal allowing to read any files on the server
Node.js third-party modules Path Traversal (CWE-22)
High
2020-09-24
property-expr - Prototype pollution
Node.js third-party modules Modification of Assumed-Immutable Data (MAID) (CWE-471)
High
2020-09-24
Stored-Xss at connect.topcoder.com/projects/ affected on project chat members
Lab45 Cross-site Scripting (XSS) - Stored (CWE-79)
High
2020-09-22
[Half-Life 1] Malformed map name leads to memory corruption and code execution
Valve Classic Buffer Overflow (CWE-120)
High
2020-09-22
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239