Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,262
CVE-linked
1,866
Programs
343
New This Week
0
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
CVE-2022-42915: HTTP proxy double-free
curl Double Free (CWE-415)CVE-2022-42915
Medium
2022-11-26
CVE-2022-32221: POST following PUT confusion
curl Expected Behavior Violation (CWE-440)CVE-2022-32221
Medium
2022-11-26
Database resource exhaustion for logged-in users via sharee recommendations with circles
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2022-39330
Medium
2022-11-26
open redirect to a remote website which can phish users
Concrete CMS Open Redirect (CWE-601)
Medium
2022-11-25
DoS via Playbook
Mattermost Uncontrolled Resource Consumption (CWE-400)CVE-2022-4019
Medium
2022-11-23
DoS via Automatic Response Message
Mattermost Uncontrolled Resource Consumption (CWE-400)CVE-2022-4044
Medium
2022-11-23
Reflected XSS in chatbot
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-11-19
Open Redirect at █████
U.S. Dept Of Defense Open Redirect (CWE-601)
Medium
2022-11-18
IDOR on ███████ [HtUS]
U.S. Dept Of Defense Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2022-11-18
Reflected XSS | https://████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-11-18
Reflected XSS | https://████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-11-18
Default password on 34.120.209.175
Elastic Weak Cryptography for Passwords (CWE-261)
Medium
2022-11-18
CSRF in AppSearch allows creation of "curations"
Elastic Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2022-11-17
[Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution
GitHub Deserialization of Untrusted Data (CWE-502)CVE-2022-23734
Medium
2022-11-16
api keys leaked
Reddit Improper Access Control - Generic (CWE-284)
Medium
2022-11-10
Bypass Cloudflare WARP lock on iOS.
Cloudflare Public Bug Bounty Client-Side Enforcement of Server-Side Security (CWE-602)CVE-2022-3322
Medium
2022-11-07
CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud
Acronis Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2022-11-04
DOS via move_issue
GitLab Uncontrolled Resource Consumption (CWE-400)
Medium
2022-11-04
RepositoryPipeline allows importing of local git repos
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-11-04
CVE-2022-42916: HSTS bypass via IDN
Internet Bug Bounty Cleartext Transmission of Sensitive Information (CWE-319)CVE-2022-42916
Medium
2022-11-03
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239