Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
3
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS | api.mapbox.com | IE 11 | Styles name
Mapbox Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-01-21
[node-red] Stored XSS within Flow's - "Name" field
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15607
Medium
2020-01-11
[seeftl] Stored XSS when directory listing via filename.
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15603
Medium
2019-12-31
Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-19
Stored XSS in https://app.mopub.com
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-17
Persistent XSS on favorite via filename
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-12
XSS On Nextcloud Integrated with zimbra drive
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-11
H1514 Stored XSS in Return Magic App portal content
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-08
Stored XSS in private message
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-08
H1514 Stored XSS on Wholesale sales channel allows cross-organization data leakage
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-01
Stored XSS vulnerability in comments on *.wordpress.com
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-10-21
[FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II
WordPress Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-10-11
Stored XSS in localhost:* via integrated torrent downloader
Brave Software Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15782
Medium
2019-09-24
Blind Stored XSS In "Report a Problem" on www.data.gov/issue/
GSA Bounty Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-08-07
[http-file-server] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-5458
Medium
2019-07-24
BUG XSS IN "ADD IMAGES"
Imgur Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-18
Stored XSS via Create Project (Add new translation project)
Weblate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-09
Self-Stored XSS - Chained with login/logout CSRF
Eternal Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-03
Stored XSS @ /engage/<project_slug>
Weblate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-02
[takeapeek] XSS via HTML tag injection in directory lisiting page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-01
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239