Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: rockstargames
Access to the business emails of Rockstar Support agents through the support platform
Rockstar Games Improper Access Control - Generic (CWE-284)
Low
2025-10-02
Open Redirection effects autodiscover.rockstargames.com
Rockstar Games
Low
2025-02-03
Modifying Sprunk vs eCola crew data
Rockstar Games Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2022-09-06
Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication
Rockstar Games Privacy Violation (CWE-359)
Low
2022-04-07
Brute Force against VMware Horizon
Rockstar Games Improper Restriction of Authentication Attempts (CWE-307)
Low
2021-08-16
Minor Account Privacy can Set to Everyone.
Rockstar Games Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2021-03-02
Open redirect on https://signin.rockstargames.com/connect/authorize/rsg
Rockstar Games Open Redirect (CWE-601)
Low
2021-02-18
phpinfo() on graph.rockstargames.com exposes sensitive information
Rockstar Games Information Disclosure (CWE-200)
Low
2021-01-21
CSRF Vulnerability on post creation page /community/create-post.json
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-07
csrf in https://www.rockstargames.com/reddeadonline/feedback/submit.json
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-07
Referer Referer Header Leakage in language changer may lead to FB token theft
Rockstar Games Information Disclosure (CWE-200)
Low
2020-06-24
insecure redirect in https://www.rockstargames.com
Rockstar Games Violation of Secure Design Principles (CWE-657)
Low
2020-06-12
Information Disclosure in https://www.rockstargames.com/search
Rockstar Games SQL Injection (CWE-89)
Low
2020-06-11
Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft
Rockstar Games Open Redirect (CWE-601)
Low
2020-06-11
full path disclosure on www.rockstargames.com via apache filename brute forcing
Rockstar Games Information Disclosure (CWE-200)
Low
2019-10-04
Open redirect vulnerability
Rockstar Games Open Redirect (CWE-601)
Low
2019-04-03
Found CSRF Vulnerability in https://support.rockstargames.com/
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-10-16
Table and Column Exposure
Rockstar Games Information Exposure Through an Error Message (CWE-209)
Low
2018-05-10
Leak IP internal
Rockstar Games Information Disclosure (CWE-200)
Low
2018-02-05
Control characters incorrectly handled on Crew Status Update
Rockstar Games Code Injection (CWE-94)
Low
2017-06-23
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895