Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: x
Incorrect param parsing in Digits web authentication
X / xAI Improper Authentication - Generic (CWE-287)
Unknown
2018-08-18
Improper session handling on web browsers
X / xAI Insufficient Session Expiration (CWE-613)
Medium
2018-06-26
No Rate Limit in email leads to huge Mass mailings
X / xAI Business Logic Errors (CWE-840)
Low
2018-06-01
Highly wormable clickjacking in player card
X / xAI UI Redressing (Clickjacking) (CAPEC-103)
Unknown
2018-05-17
ms5 debug page exposing internal info (internal IPs, headers)
X / xAI Information Exposure Through Debug Information (CWE-215)
Medium
2018-05-11
[sms-be-vip.twitter.com] vulnerable to Jetleak
X / xAI Information Disclosure (CWE-200)
Unknown
2018-04-02
Urgent : Unauthorised Access to Media content of all Direct messages and protected tweets(Indirect object reference)
X / xAI Improper Authentication - Generic (CWE-287)
High
2018-03-21
CVE-2017-15277 on Profile page
X / xAI Information Disclosure (CWE-200)CVE-2017-15277
Low
2018-03-08
Persistent DOM-based XSS in https://help.twitter.com via localStorage
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-02-24
POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
X / xAI Cryptographic Issues - Generic (CWE-310)CVE-2014-3566
Unknown
2018-02-22
Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
High
2018-02-17
Improper Host Detection During Team Up on tweetdeck.twitter.com
X / xAI
Unknown
2018-01-04
Open Redirect Protection Bypass
X / xAI Open Redirect (CWE-601)
Unknown
2017-12-23
Listing of Amazon S3 Bucket accessible to any amazon authenticated user (metrics.pscp.tv)
X / xAI Information Disclosure (CWE-200)
Unknown
2017-11-19
Opportunity to obtain private tweets through search widget preview caches
X / xAI Business Logic Errors (CWE-840)
Unknown
2017-11-11
CSRF in twitterflightschool.com ( CAN POST ON TIMELINE WITHOUT USER PERMISSION)
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-11-06
[CRITICAL] Full account takeover using CSRF
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
High
2017-11-03
Unauthorized Access to Protected Tweets via niche.co API
X / xAI Privacy Violation (CWE-359)
High
2017-11-02
OS Command Execution on User's PC via CSV Injection
X / xAI OS Command Injection (CWE-78)
Medium
2017-11-02
[dev.twitter.com] XSS and Open Redirect
X / xAI
Medium
2017-09-29
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895