Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,245
CVE-linked
1,864
Programs
343
New This Week
24
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: curl
CVE-2021-22947: STARTTLS protocol injection via MITM
curl Cryptographic Issues - Generic (CWE-310)CVE-2021-22947
Medium
2021-09-24
CVE-2021-22945: UAF and double-free in MQTT sending
curl Double Free (CWE-415)CVE-2021-22945
Medium
2021-09-15
CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport
curl Business Logic Errors (CWE-840)CVE-2021-22926
Medium
2021-07-21
CVE-2021-22923: Metalink download sends credentials
curl Cleartext Transmission of Sensitive Information (CWE-319)CVE-2021-22923
Medium
2021-07-21
CVE-2021-22922: Wrong content via metalink not discarded
curl Business Logic Errors (CWE-840)CVE-2021-22922
Medium
2021-07-21
CVE-2021-22898: TELNET stack contents disclosure
curl Information Disclosure (CWE-200)CVE-2021-22898
Medium
2021-05-26
Proxy-Authorization header carried to a new host on a redirect
curl Cleartext Transmission of Sensitive Information (CWE-319)CVE-2018-1000007
Medium
2021-03-08
Libcurl ocasionally sends HTTPS traffic to port 443 rather than specified port 8080
curl Information Disclosure (CWE-200)
Medium
2021-02-03
Poll loop/hang on incomplete HTTP header
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2021-01-22
Double-free of `trailers_buf' on `Curl_http_compile_trailers()` failure
curl Double Free (CWE-415)
Medium
2021-01-12
Incorrect IPv6 literal parsing leads to validated connection to unexpected https server.
curl Improper Handling of URL Encoding (Hex Encoding) (CWE-177)
Medium
2021-01-12
CVE-2020-8285: FTP wildcard stack overflow
curl Uncontrolled Recursion (CWE-674)CVE-2020-8285
Medium
2021-01-08
CVE-2020-8286: Inferior OCSP verification
curl Improper Certificate Validation (CWE-295)CVE-2020-8286
Medium
2020-12-09
CVE-2020-8177: curl overwrite local file with -J
curl Improper Input Validation (CWE-20)CVE-2020-8177
Medium
2020-12-05
CVE-2020-8169: Partial password leak over DNS on HTTP redirect
curl Information Disclosure (CWE-200)CVE-2020-8169
Medium
2020-12-05
CVE-2019-5482: Heap buffer overflow in TFTP when using small blksize
curl Heap Overflow (CWE-122)CVE-2019-5482CVE-2019-5436
Medium
2020-11-14
CVE-2019-5481: krb5: double-free in read_data() after realloc() fail
curl Double Free (CWE-415)CVE-2019-5481
Medium
2020-11-14
Data race conditions reported by helgrind when performing parallel DNS queries in libcurl
curl Information Disclosure (CWE-200)
Medium
2020-11-04
curl overwrites local file with -J option if file non-readable, but file writable.
curl Improper Handling of Insufficient Permissions or Privileges (CWE-280)CVE-2020-8177
Medium
2020-08-01
Port and service scanning on localhost due to improper URL validation.
curl Information Disclosure (CWE-200)
Medium
2020-01-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239