Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
RTL override char allowed at khanacademy redirect page
Khan Academy Violation of Secure Design Principles (CWE-657)
Low
2019-08-02
Error Page Content Spoofing or Text Injection [https://vpn.kartpay.com/]
Kartpay Violation of Secure Design Principles (CWE-657)
Unknown
2019-08-01
Web cache poisoning leads to disclosure of CSRF token and sensitive information
Smule Violation of Secure Design Principles (CWE-657)
Medium
2019-07-21
xmlrpc.php FILE IS enable on Main website
Ian Dunn Violation of Secure Design Principles (CWE-657)
None
2019-07-16
Password not checked when disabling 2FA on HackerOne
HackerOne Violation of Secure Design Principles (CWE-657)
Low
2019-06-07
Unrestricted POST request size on /customer_support/information_form/ endpoint
Chaturbate Violation of Secure Design Principles (CWE-657)
Low
2019-05-01
Emails from Grammarly missing sanitization(lack of validation?) -> HTML injection in emails
Superhuman (formerly Grammarly) Violation of Secure Design Principles (CWE-657)
Low
2019-04-30
"More on Wikipedia" link disclose "Referrer" and leak `window.opener` reference for arbitrary websites
Superhuman (formerly Grammarly) Violation of Secure Design Principles (CWE-657)
Low
2019-04-30
Просмотр лайков и репостов фотографии, которая находятся в приватном альбоме
VK.com Violation of Secure Design Principles (CWE-657)
Unknown
2019-04-26
Homograph attack in escalate report
HackerOne Violation of Secure Design Principles (CWE-657)
Low
2019-04-19
Previous attachments can be referenced when creating a new report
HackerOne Violation of Secure Design Principles (CWE-657)
Low
2019-04-12
HackerOne Integrations Design Issue
HackerOne Violation of Secure Design Principles (CWE-657)
Medium
2019-04-11
Security headers missed on https://acme-validation.jamieweb.net/
JamieWeb Violation of Secure Design Principles (CWE-657)
Medium
2019-03-28
Unprotected Api EndPoints
Semmle Violation of Secure Design Principles (CWE-657)
Medium
2019-03-21
Page replacement and redirect loop
VK.com Violation of Secure Design Principles (CWE-657)
Unknown
2019-02-24
Session Cookie without HttpOnly and secure flag set
Liberapay Violation of Secure Design Principles (CWE-657)
None
2019-02-21
Missing Protection Mechanism in Mail Servers allows malicious user to use staff.ratelimited.me email could lead to identity theft.
RATELIMITED Violation of Secure Design Principles (CWE-657)
High
2019-02-02
Missing Two Factor Authentication in /admin/login
CFP Time Violation of Secure Design Principles (CWE-657)
Unknown
2019-01-07
Error Page Content Spoofing or Text Injection
CFP Time Violation of Secure Design Principles (CWE-657)
Low
2019-01-07
Server Header disclose The Os and Web server Version
RATELIMITED Violation of Secure Design Principles (CWE-657)
Unknown
2018-12-22
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895