Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Reflective XSS
WebSummit Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-10-28
XSS during presentation
Zaption Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-10-28
HTML injection-WordCamp Talks plugin
Ian Dunn Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-10-16
Reflected XSS in m.imgur.com
Imgur Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-10-07
Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.
Unikrn Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-10-05
Unauthenticated Cross-Site Scripting in Web Management Console
Ubiquiti Inc. Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-10-02
XSS on Nanostation Loco M2 Airmax
Ubiquiti Inc. Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-10-02
xss filter bypass [polldaddy]
Automattic Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-10-01
XSS found In Your Web
Gratipay Cross-site Scripting (XSS) - Generic (CWE-79)
None
2017-10-01
Reflective XSS
ExpressionEngine Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-09-29
Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/
Ubiquiti Inc. Cross-site Scripting (XSS) - Generic (CWE-79)
High
2017-09-28
Reflected XSS in /Videos/ via calling a callback http://www.rockstargames.com/videos/#/?lb=
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-09-25
Reflected XSS in reddeadredemption Site located at www.rockstargames.com/reddeadredemption
Rockstar Games Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-09-25
Store XSS on Informatica University via transcript (informatica.csod.com)
Informatica Cross-site Scripting (XSS) - Generic (CWE-79)
High
2017-09-09
Reflected XSS on www.bookfresh.com/index.html?view=upload_form
Bookfresh Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-08-31
Reflected XSS on vimeo.com/musicstore
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-08-31
Stored XSS on player.vimeo.com
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-08-31
XSS when using captions/subtitles on video player based on Flash (requires user interaction)
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-08-31
XSS on vimeo.com | "Search within these results" feature (requires user interaction)
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-08-31
XSS on vimeo.com/home after other user follows you
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-08-31
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895