Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: nodejs
Denial of Service via `__proto__` header name in `req.headersDistinct` (Uncaught `TypeError` crashes Node.js process)
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2026-21710
High
2026-03-30
TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2026-21637
Medium
2026-02-12
Memory leak that enables remote Denial of Service against applications processing TLS client certificates
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2025-59464
Medium
2026-02-12
GOAWAY HTTP/2 frames cause memory leak outside heap
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2025-23085
Medium
2025-02-06
"Assertion failed" in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2024-27983
High
2024-04-08
Denial of Service by resource exhaustion in fetch() brotli decoding
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2024-22025
Medium
2024-03-16
http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2024-22019
High
2024-02-15
node.js process aborts when processing x509 certs with invalid public key information
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2023-30588
Medium
2023-07-20
Regular Expression Denial of Service in Headers
Node.js Uncontrolled Resource Consumption (CWE-400)
Low
2023-03-19
HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2021-22883
Critical
2021-03-15
DNS Max Responses for DOS
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2020-8277
High
2020-12-16
Slowloris, body parsing
Node.js Uncontrolled Resource Consumption (CWE-400)
Low
2020-10-17
Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2020-8251
Critical
2020-10-17
Malformed HTTP/2 SETTINGS frame leads to reachable assert
Node.js Uncontrolled Resource Consumption (CWE-400)
Critical
2020-07-03
Node.js HTTP/2 Large Settings Frame DoS
Node.js Uncontrolled Resource Consumption (CWE-400)
Low
2020-07-02
Fix for CVE-2018-12122 can be bypassed via keep-alive requests
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2018-12122
Medium
2020-02-13
Http response is not ended although underlying socket is already destroyed
Node.js Uncontrolled Resource Consumption (CWE-400)
Unknown
2020-01-15
Multiple HTTP/2 DOS Issues
Node.js Uncontrolled Resource Consumption (CWE-400)
High
2019-08-16
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895