Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,221

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: inflection✕

Privilege Escalation: Read-Only to Admin

Inflection Privilege Escalation (CAPEC-233)

High

2019-03-15

Malicious callback url can be set while creating application in identity

Inflection Business Logic Errors (CWE-840)

Medium

2019-01-03

Session ID is accessible via XSS

Inflection

Medium

2018-09-30

Clickjacking on https://www.goodhire.com/api

Inflection UI Redressing (Clickjacking) (CAPEC-103)

Low

2018-05-10

Open redirect at app.goodhire.com via ReturnUrl parameter

Inflection

High

2018-02-21

XSS at https://app.goodhire.com/member/GH.aspx

Inflection

Medium

2018-02-21

Reflected Cross-site Scripting Vulnerability via JSON Error Message

Inflection Cross-site Scripting (XSS) - Reflected (CWE-79)

Low

2018-02-09

Information Disclosure and Privilege Escalation in app.goodhire.com/member/developers/api-settings

Inflection Information Disclosure (CWE-200)

High

2018-01-18

Goodhire Open Redirect

Inflection Open Redirect (CWE-601)

None

2017-12-20

Limited arbitrary text inclusion in user invite emails

Inflection Phishing (CAPEC-98)

None

2017-11-29

Business Logic Flaw allowing Privilege Escalation

Inflection Business Logic Errors (CWE-840)

None

2017-11-29

Unsubscribe Any User

Inflection Business Logic Errors (CWE-840)

None

2017-11-29

HTTP Host Header Injection on app.goodhire.com

Inflection HTTP Response Splitting (CWE-113)

None

2017-11-01

Amount Manipulation Buy Unlimited Credits in just $1.00

Inflection Insecure Direct Object Reference (IDOR) (CWE-639)

None

2017-11-01

Host Header Injection or cache poisoning in multiple domains

Inflection

None

2017-10-31

XST(Cross Site Tracing)

Inflection

None

2017-10-31

Limited Account Takeover via Backup codes

Inflection

None

2017-10-26

Fake mailing reports using mail service on [URL : mail-txn.identity.com]

Inflection

Low

2017-10-25

Host Header Injection and Cache Poisoning

Inflection

None

2017-10-24

Privilege Escalation.

Inflection Privilege Escalation (CAPEC-233)

Low

2017-10-24

Top Weakness Types

Most Active Programs

Program	Reports	Max $
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	440	—
Node.js third-party modules	307	—
GitLab	258	$13,950
X / xAI	250	$2,500
Uber	239	$9,895

Goal Reached Thanks to every supporter — we hit 100%!

Bug Bounty Intelligence