Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: brave
SameSite restrictions are lifted, and SameSite:Strict cookie are being sent.
Brave Software Improper Certificate Validation (CWE-295)CVE-2018-12402CVE-2022-29912CVE-2022-45410CVE-2022-45413CVE-2023-30674CVE-2025-48980
High
2025-10-15
Prompt Injection via GitHub Patch in Brave AI Chat (Leo)
Brave Software LLM01: Prompt Injection
High
2025-08-22
Incorrect security UI of files' download source on brave MacOS
Brave Software User Interface (UI) Misrepresentation of Critical Information (CWE-451)CVE-2025-23086
High
2025-01-16
Universal XSS through FIDO U2F register from subframe
Brave Software Cross-site Scripting (XSS) - Generic (CWE-79)
High
2023-06-22
Onion-Location header allows to open arbitrary URLs including chrome:
Brave Software Violation of Secure Design Principles (CWE-657)
High
2023-06-22
Universal XSS with Playlist feature
Brave Software Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-06-22
XSS on internal: privileged origin through reader mode
Brave Software Cross-site Scripting (XSS) - Generic (CWE-79)
High
2023-06-22
Security token and handler name leak from window.braveBlockRequests
Brave Software Information Disclosure (CWE-200)
High
2023-06-22
Brave News feeds can open arbitrary chrome: URLs
Brave Software Privilege Escalation (CAPEC-233)
High
2023-06-22
Open redirect due to scanning QR code via brave browser
Brave Software Open Redirect (CWE-601)CVE-2023-28364
High
2023-06-08
download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled
Brave Software CVE-2023-28360
High
2023-05-10
UXss on brave browser via scan QR Code
Brave Software Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2022-23258
High
2023-04-11
Browser is not following proper flow for redirection cause open redirect
Brave Software CVE-2023-22798
High
2022-06-30
Information disclosure-Referer leak
Brave Software Information Disclosure (CWE-200)
High
2022-02-01
Information disclosure
Brave Software Information Disclosure (CWE-200)
High
2021-09-21
DNS Leaks when using any VPN Browser extension with Brave Shield enabled
Brave Software Information Disclosure (CWE-200)CVE-2021-22916
High
2021-07-08
Brave Browser Tor Window leaks user's real IP to the external DNS server
Brave Software Information Disclosure (CWE-200)CVE-2021-22917
High
2021-06-17
HTTP Request Smuggling
Brave Software HTTP Request Smuggling (CWE-444)
High
2020-06-04
chrome://brave can still be navigated to, leading to RCE
Brave Software Code Injection (CWE-94)
High
2018-10-23
RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
Brave Software
High
2018-10-22
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895