Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: curl
Potential Resource Leak in tool_parsecfg.c at line 279 during fileerror
curl Uncontrolled Resource Consumption (CWE-400)
Low
2026-05-05
MQTT: Missing upper bound on incoming Remaining Length allows server-controlled long wait
curl Uncontrolled Resource Consumption (CWE-400)
Low
2026-01-06
Unbounded memory consumption via compressed HTTP responses (gzip/brotli/zstd)
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2025-12-21
Denial of Service (DoS) vulnerability in dedotdotify() URL path normalization
curl Uncontrolled Resource Consumption (CWE-400)
High
2025-12-13
Memory leak in Curl_auth_create_ntlm_type3_message
curl Uncontrolled Resource Consumption (CWE-400)
Low
2025-10-28
OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients)
curl Uncontrolled Resource Consumption (CWE-400)
Low
2025-10-08
WebSocket Fragmentation DoS on Curl Client
curl Uncontrolled Resource Consumption (CWE-400)
High
2025-08-19
curl_easy_header runs at O(N) or worse and can be abused to use minute(s) of CPU time
curl Uncontrolled Resource Consumption (CWE-400)
Unknown
2025-07-01
HTTP/2 PUSH_PROMISE DoS
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2024-03-27
CVE-2024-2398: HTTP/2 push headers memory-leak
curl Uncontrolled Resource Consumption (CWE-400)CVE-2024-2398
Medium
2024-03-27
curl "globbing" can lead to denial of service attacks
curl Uncontrolled Resource Consumption (CWE-400)
Low
2022-06-16
CVE-2022-27781: CERTINFO never-ending busy-loop
curl Uncontrolled Resource Consumption (CWE-400)CVE-2022-27781
Low
2022-05-16
Memory leak in CURLOPT_XOAUTH2_BEARER
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2022-05-13
Denial of Service vulnerability in curl when parsing MQTT server response
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2022-03-28
Poll loop/hang on incomplete HTTP header
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2021-01-22
Parallel upload hangs curl if upload file not found
curl Uncontrolled Resource Consumption (CWE-400)
None
2020-10-29
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895