Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: x
Sensitive Information Disclosure https://cards-dev.twitter.com
X / xAI Information Disclosure (CWE-200)
Medium
2017-09-29
Open Redirect
X / xAI Open Redirect (CWE-601)
Unknown
2017-08-19
XXE on sms-be-vip.twitter.com in SXMP Processor
X / xAI XML External Entities (XXE) (CWE-611)
Medium
2017-07-26
CSRF on Periscope Web OAuth authorization endpoint
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-07-26
Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ]
X / xAI Information Disclosure (CWE-200)
Critical
2017-07-11
CRLF and XSS stored on ton.twitter.com
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-07-05
csp bypass + xss
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-07-05
[Studio.twitter.com] See someone else pics
X / xAI Improper Authentication - Generic (CWE-287)
Unknown
2017-06-22
Vine - overwrite account associated with email via android application
X / xAI Improper Authentication - Generic (CWE-287)
Medium
2017-06-14
[██████████.gnip.com] .htpasswd disclosure
X / xAI
Critical
2017-05-26
[URGENT] Opportunity to publish tweets on any twitters account
X / xAI
High
2017-05-22
[IDOR][translate.twitter.com] Opportunity to change any comment at the forum
X / xAI Privilege Escalation (CAPEC-233)
Low
2017-05-12
[Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME
X / xAI Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2017-05-08
HTTP 401 response injection on "amp.twimg.com/amplify-web-player/prod/source.html" through "image_src" parameter
X / xAI Information Disclosure (CWE-200)
Low
2017-05-08
Bypassing Digits bridge origin validation
X / xAI Improper Authentication - Generic (CWE-287)
Unknown
2017-04-30
Multiple DOMXSS on Amplify Web Player
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-04-15
CSRF on cards API
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-04-11
DOM based cookie bomb
X / xAI Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-04-11
SSRF in https://cards-dev.twitter.com/validator
X / xAI Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2017-04-06
DOMXSS in Tweetdeck
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-04-02
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895