Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,219

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: discourse✕

Application Level DoS - Large Markdown Payload in Reply Section Leading to Resource Exhaustion

Discourse Uncontrolled Resource Consumption (CWE-400)

High

2025-10-18

Account takeover at https://try.discourse.org due to no CSRF protection in connecting Yahoo account

Discourse Cross-Site Request Forgery (CSRF) (CWE-352)

High

2018-12-06

Web Cache Deception Attack (XSS)

Discourse Cross-site Scripting (XSS) - Stored (CWE-79)

High

2018-11-18

Stored XSS in "post last edited" option

Discourse Cross-site Scripting (XSS) - Stored (CWE-79)

High

2018-07-09

Gaining access to private topics using quoting feature

Discourse Improper Access Control - Generic (CWE-284)

High

2018-03-17

Arbitrary Local-File Read from Admin - Restore From Backup due to Symlinks

Discourse Information Disclosure (CWE-200)

High

2017-05-13

Admin Command Injection via username in user_archive ExportCsvFile

Discourse Command Injection - Generic (CWE-77)

High

2017-05-13

Stored XSS in topics because of whitelisted_generic engine vulnerability