Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Denial of Service in anti_ransomware_service.exe via logs files
Acronis Uncontrolled Resource Consumption (CWE-400)
Medium
2021-06-24
XMLRPC, Enabling XPSA and Bruteforce and DOS + A file disclosing installer-logs.
MTN Group Uncontrolled Resource Consumption (CWE-400)
High
2021-06-14
DoS due to improper input validation can break the admin access into the user data will disallow him from editing that user's data.
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2021-32657
High
2021-06-01
xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service
Sifchain Uncontrolled Resource Consumption (CWE-400)
None
2021-05-06
'net/ftp': Uncontrolled Resource Consumption (Memory/CPU)
Ruby Uncontrolled Resource Consumption (CWE-400)
Medium
2021-04-21
https://themes.shopify.com::: Host header web cache poisoning lead to DoS
Shopify Uncontrolled Resource Consumption (CWE-400)
Medium
2021-04-08
API Server DoS (crash?) if many large resources (~1MB each) are concurrently/repeatedly sent to an external Validating WebHook endpoint
Kubernetes Uncontrolled Resource Consumption (CWE-400)
Medium
2021-04-01
HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2021-22883
Critical
2021-03-15
DRb denial of service vulnerability
Ruby Uncontrolled Resource Consumption (CWE-400)
None
2021-03-07
Thumbor misconfiguration at blogapi.uber.com can lead to DoS
Uber Uncontrolled Resource Consumption (CWE-400)
Medium
2021-02-25
Cookie Bombing cause DOS - businesses.uber.com
Uber Uncontrolled Resource Consumption (CWE-400)
Low
2021-02-24
DoS attack against the client when entering a long password
Nextcloud Uncontrolled Resource Consumption (CWE-400)
Low
2021-02-14
Camera adoption DoS - UniFi Protect
Ubiquiti Inc. Uncontrolled Resource Consumption (CWE-400)CVE-2021-22882
High
2021-02-12
xmlrpc.php FILE IS enabled it will used for Bruteforce attack and Denial of Service(DoS)
BlockDev Sp. Z o.o Uncontrolled Resource Consumption (CWE-400)
Critical
2021-02-12
Regular expression denial of service in ActiveRecord's PostgreSQL Money type
Ruby on Rails Uncontrolled Resource Consumption (CWE-400)CVE-2021-22880
Medium
2021-02-11
DoS for GCSArtifact.RealAll
Kubernetes Uncontrolled Resource Consumption (CWE-400)
Medium
2021-02-04
Denial Of Service (Out Of Memory) on Updating Bounty Table [Urgent]
HackerOne Uncontrolled Resource Consumption (CWE-400)
Low
2021-02-02
Permanent DoS at https://happy.tools/ when inviting a user
Automattic Uncontrolled Resource Consumption (CWE-400)
Medium
2021-01-29
Denial of Service by requesting to reset a password
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2020-8295
High
2021-01-25
Poll loop/hang on incomplete HTTP header
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2021-01-22
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895