Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,262
CVE-linked
1,866
Programs
343
New This Week
0
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS at [ █████ ] in " LINKEDIN URL" Field.
lemlist Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-07-24
DoS for client-go jsonpath func
Kubernetes Uncontrolled Resource Consumption (CWE-400)
Low
2020-07-24
Github test clientID and clientSecret leaked
Kubernetes Plaintext Storage of a Password (CWE-256)
Low
2020-07-24
"Self" DOS with large deployment and scaling
Kubernetes Uncontrolled Resource Consumption (CWE-400)
Low
2020-07-23
Stored XSS in app.lemlist.com
lemlist Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-07-23
SSO Provider Credential Cache (logged out of Google/GitHub, could still log into Courier)
Courier
Low
2020-07-20
Clickjacking on donation page
WordPress UI Redressing (Clickjacking) (CAPEC-103)
Low
2020-07-16
Account takeover intercepting magic link for Arrive app
Shopify Insufficiently Protected Credentials (CWE-522)
Low
2020-07-15
Subdomain Takeover of multiple *.ttcdn.co domains
Shopify Violation of Secure Design Principles (CWE-657)
Low
2020-07-14
Open Redirect - www.shopify.com
Shopify Open Redirect (CWE-601)
Low
2020-07-14
Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques}
X / xAI Improper Restriction of Authentication Attempts (CWE-307)
Low
2020-07-10
Pending MFA logins aren't immediatly expired after a password change
Moneybird Session Fixation (CWE-384)
Low
2020-07-10
Unrestricted file upload on the image of contacts
Nextcloud Business Logic Errors (CWE-840)CVE-2020-8181
Low
2020-07-08
CSRF Vulnerability on post creation page /community/create-post.json
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-07
csrf in https://www.rockstargames.com/reddeadonline/feedback/submit.json
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-07
Logout page does not prevent CSRF
Courier Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-06
Testing for arbitrary HTTP methods
DRIVE.NET, Inc. Information Exposure Through an Error Message (CWE-209)
Low
2020-07-06
Enumeration of username on password reset page
Endless Group Information Exposure Through an Error Message (CWE-209)
Low
2020-07-05
Stored XSS in the file search filter
Concrete CMS Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-07-03
Stored XSS on express entries
Concrete CMS Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-07-03
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239