Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
XSS on www.██████ alerts and a number of other pages
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-12-02
HTML Injection on ████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-12-02
Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-12-02
[www.zomato.com] Blind XSS on one of the Admin Dashboard
Eternal Cross-site Scripting (XSS) - Generic (CWE-79)
High
2019-11-19
"Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons
WordPress Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-11-16
Wrong Handling of Content-Type allows Flash injection and Rosseta flash patch bypass
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2019-11-12
Stored XSS in https://productreviews.shopifyapps.com/proxy/v4/reviews/product
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2019-11-08
XSS vulnerable parameter in a location hash
Slack Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2019-10-16
antispambot does not always escape <, >, &, " and '
WordPress Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2019-09-16
Html Injection and Possible XSS via MathML
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Critical
2019-09-03
Persistent XSS via e-mail when creating merge requests
GitLab Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2019-5471
Low
2019-08-30
URL Advisor component in KIS products family is vulnerable to Universal XSS
Kaspersky Cross-site Scripting (XSS) - Generic (CWE-79)
High
2019-08-28
[kb.informatica.com] Dom Based xss
Informatica Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-08-17
Stored XSS in Discounts section
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-06-27
XSS in Bootbox
Node.js third-party modules Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-05-04
XSS and cache poisoning via upload.twitter.com on ton.twitter.com
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2019-05-01
[www.zomato.com] Blind XSS in one of the admin dashboard
Eternal Cross-site Scripting (XSS) - Generic (CWE-79)
High
2019-05-01
XSS in gist integration
Slack Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2019-04-28
[harp] Unsafe rendering of Markdown files
Node.js third-party modules Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2019-04-06
CSP : Inline scripts can be inserted
Semmle Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-03-21
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895