Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: makerdao_bbp
SQL Injection leads to retrieve the contents of an entire database.
BlockDev Sp. Z o.o SQL Injection (CWE-89)
Critical
2021-12-29
xmlrpc.php FILE IS enabled it will used for Bruteforce attack and Denial of Service(DoS)
BlockDev Sp. Z o.o Uncontrolled Resource Consumption (CWE-400)
Critical
2021-02-12
A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com
BlockDev Sp. Z o.o Improper Restriction of Authentication Attempts (CWE-307)CVE-2020-9490
Critical
2020-11-02
Email HTML injection
BlockDev Sp. Z o.o
Low
2020-06-10
Blind SSRF at https://chat.makerdao.com/account/profile
BlockDev Sp. Z o.o Server-Side Request Forgery (SSRF) (CWE-918)
Critical
2020-04-14
[blog.makerdao.com] Multiple Vulnerabilities - Leads to leakage user admin sensitive exposure
BlockDev Sp. Z o.o Business Logic Errors (CWE-840)
Unknown
2020-04-14
xmlrpc.php file is enable it will used for (Denial of Service) and bruteforce attack
BlockDev Sp. Z o.o Uncontrolled Resource Consumption (CWE-400)
Unknown
2020-04-07
load scripts DOS vulnerability
BlockDev Sp. Z o.o Improper Restriction of Authentication Attempts (CWE-307)CVE-2018-6389
High
2020-04-02
DoS of https://blog.makerdao.com/ via CVE-2018-6389
BlockDev Sp. Z o.o CVE-2018-6389
Unknown
2020-02-18
xmlrpc.php FILE IS enable it will used for Bruteforce attack
BlockDev Sp. Z o.o
Unknown
2020-02-18
Wordpress users disclosure on blog.makerdao.con
BlockDev Sp. Z o.o Information Disclosure (CWE-200)
Low
2020-01-15
UNRESTRICTED FILE UPLOAD AT chat.makerdao.com
BlockDev Sp. Z o.o Insecure Temporary File (CWE-377)
High
2020-01-15
Two-factor authentication (2FA) Bypass
BlockDev Sp. Z o.o Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Critical
2020-01-15
App Takeover ( makerdao.herokuapp.com )
BlockDev Sp. Z o.o Privilege Escalation (CAPEC-233)
High
2020-01-15
Steal ALL collateral during liquidation by exploiting lack of validation in `flip.kick`
BlockDev Sp. Z o.o Improper Input Validation (CWE-20)
Critical
2019-10-01
Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`
BlockDev Sp. Z o.o Improper Input Validation (CWE-20)
High
2019-09-26
.git file accessible
BlockDev Sp. Z o.o Information Disclosure (CWE-200)
Low
2019-09-13
Steal collateral during `end` process, by earning DSR interest after `flow`.
BlockDev Sp. Z o.o Business Logic Errors (CWE-840)
High
2019-09-09
Earn free DAI interest (inflation) through instant CDP+DSR in one tx
BlockDev Sp. Z o.o Business Logic Errors (CWE-840)
High
2019-08-12
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895