Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,262
CVE-linked
1,866
Programs
343
New This Week
0
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Content Spoofing in udemy
Udemy Violation of Secure Design Principles (CWE-657)
Low
2017-07-23
Violation of secure design principles on a DoD website
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Low
2017-07-05
Missing filteration of meta characters in all full name field on wakatime.com
WakaTime Violation of Secure Design Principles (CWE-657)
Low
2017-07-04
No notificatoin sent on email after account deletion.
WakaTime Violation of Secure Design Principles (CWE-657)
Low
2017-07-03
Missing SPF Flags
WakaTime Violation of Secure Design Principles (CWE-657)
Low
2017-07-01
Missing/Breach of Internal Security Boundary - Access to Job Queue Results in Remote Code Execution
GitLab Violation of Secure Design Principles (CWE-657)
Low
2017-06-28
Possible user session hijack by invalid HTTPS certificate on inside.gratipay.com domain
Gratipay Violation of Secure Design Principles (CWE-657)
Low
2017-06-21
Information disclosure vulnerability on a DoD website
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Low
2017-06-16
Missing restriction on string size of contact field
Mixmax Violation of Secure Design Principles (CWE-657)
Low
2017-06-13
invalid homepage URL causes 'uncaught typeerror' or blank state
Brave Software Violation of Secure Design Principles (CWE-657)
Low
2017-06-12
Can upload files without authentication on AirFibre 3.2
Ubiquiti Inc. Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Weak e-mail change functionality could lead to account takeover
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Spamming any user from Reset Password Function
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Content Spoofing in error message
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Content Spoofing
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Specify maximal length in new comment
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Insecure Account Removal
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Improper Password Reset Policy on https://hosted.weblate.org/
Weblate Violation of Secure Design Principles (CWE-657)
Low
2017-05-17
Content (Text) Injection at https://nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Low
2017-05-15
use of unsafe host header leads to open redirect
Rockstar Games Violation of Secure Design Principles (CWE-657)
Low
2017-05-01
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239