Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: phabricator
Possible to make restricted files public on Phabricator via Diffusion
Phabricator Improper Access Control - Generic (CWE-284)
Unknown
2022-07-29
User can link non-public file attachments, leading to file disclose on edit by higher-privileged user
Phabricator Business Logic Errors (CWE-840)
Medium
2022-06-26
Deprecated owners.query API bypasses object view policy
Phabricator Improper Access Control - Generic (CWE-284)
Unknown
2022-05-31
Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object
Phabricator
Unknown
2022-05-18
Global default settings page is accessible to non-administrators
Phabricator Improper Access Control - Generic (CWE-284)
Unknown
2022-05-09
Slowvote and Countdown can cause Denial of Service due to recursive inclusion
Phabricator Uncontrolled Resource Consumption (CWE-400)
Unknown
2022-05-09
Git flag injection leads to arbitrary file write
Phabricator Path Traversal (CWE-22)
High
2021-07-25
Broken Authentication and Session Management lead to take over account
Phabricator Improper Access Control - Generic (CWE-284)
High
2021-07-21
Edit Policy restriction does not prevent comments.
Phabricator Improper Access Control - Generic (CWE-284)
Medium
2020-07-17
SSRF in notifications.server configuration
Phabricator Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2020-05-15
Markdown parsing issue enables insertion of malicious tags
Phabricator Cross-site Scripting (XSS) - Stored (CWE-79)
Unknown
2019-12-13
IDOR bug to See hidden slowvote of any user even when you dont have access right
Phabricator Insecure Direct Object Reference (IDOR) (CWE-639)
Unknown
2019-08-29
Issue:Form does not contain an anti-CSRF token
Phabricator Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-03-22
Request vulnerable to CSRF
Phabricator Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-03-22
TOTP Key is shorter than RFC 4226 recommended minimum
Phabricator Cryptographic Issues - Generic (CWE-310)
None
2018-12-07
Exposing voting results on the Slowvote application without actually voting
Phabricator
Low
2018-11-05
The "Download Raw Diff" URL is viewable by everyone
Phabricator Information Disclosure (CWE-200)
Low
2018-05-23
Administrator can create user without entering high security mode
Phabricator Improper Authentication - Generic (CWE-287)
Low
2018-05-22
Window.opener fix bypass
Phabricator
Low
2018-02-18
Window.opener protection Bypass
Phabricator
Unknown
2018-02-17
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895