Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: uber
Changing paymentProfileUuid when booking a trip allows free rides
Uber Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-09-15
Reading Emails in Uber Subdomains
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-09-14
Bulk UUID enumeration via invite codes
Uber Information Disclosure (CWE-200)
Unknown
2016-09-08
Get organization info base on uuid
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-09-02
Estimation of a Lower Bound on Number of Uber Drivers via Enumeration
Uber Information Disclosure (CWE-200)
Unknown
2016-08-24
Wordpress Vulnerabilities in transparencyreport.uber.com and eng.uber.com domains
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-08-24
Multiple vulnerabilities in a WordPress plugin at drive.uber.com
Uber SQL Injection (CWE-89)
Unknown
2016-08-23
newsroom.uber.com is vulnerable to 'SOME' XSS attack via plupload.flash.swf
Uber Code Injection (CWE-94)
Unknown
2016-08-22
XSS At "pages.et.uber.com"
Uber Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-19
[IODR] Get business trip via organization id
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-08-15
Missing authorization checks leading to the exposure of ubernihao.com administrator accounts
Uber Information Disclosure (CWE-200)
Unknown
2016-08-15
[CRITICAL] -- Complete Account Takeover
Uber Improper Authentication - Generic (CWE-287)
Unknown
2016-08-15
User Enumeration and Information Disclosure
Uber Information Disclosure (CWE-200)
Unknown
2016-08-12
Brute Force Amplification Attack
Uber Violation of Secure Design Principles (CWE-657)
Unknown
2016-08-12
Content injection on 404 error page at faspex.uber.com
Uber Violation of Secure Design Principles (CWE-657)
Unknown
2016-08-12
CBC "cut and paste" attack may cause Open Redirect(even XSS)
Uber Cryptographic Issues - Generic (CWE-310)
Unknown
2016-08-12
Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers
Uber Information Disclosure (CWE-200)
Unknown
2016-08-12
Stored XSS on developer.uber.com via admin account compromise
Uber Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-12
Avoiding Surge Pricing
Uber Violation of Secure Design Principles (CWE-657)
Unknown
2016-08-11
Blind OOB XXE At "http://ubermovement.com/"
Uber Command Injection - Generic (CWE-77)
Unknown
2016-08-08
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895