Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: shopify
Password reset token leak via "Host header" on third party website
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2022-02-10
Shopify.com Web Cache Deception vulnerability leads to personal information and CSRF tokens leakage
Shopify Violation of Secure Design Principles (CWE-657)
Low
2021-10-21
XSS Stored via Upload avatar PNG [HTML] File in accounts.shopify.com
Shopify Violation of Secure Design Principles (CWE-657)
Low
2020-08-30
Subdomain Takeover of multiple *.ttcdn.co domains
Shopify Violation of Secure Design Principles (CWE-657)
Low
2020-07-14
Ability to verify any email address you don't own - accounts.shopify.com
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2019-11-08
App messaging can be hijacked by third-party websites
Shopify Violation of Secure Design Principles (CWE-657)
Medium
2018-11-07
race condition in adding team members
Shopify Violation of Secure Design Principles (CWE-657)
Low
2016-11-10
Cookie securing your "Opening soon" store is not secured against XSS
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2015-12-01
Passwords Returned in Later Responses.
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2015-09-30
SSRF via 'Insert Image' feature of Products/Collections/Frontpage
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2015-08-24
SSRF via 'Add Image from URL' feature
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2015-07-15
SSL cookie without secure flag set
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2015-07-13
CSRF token fixation in facebook store app that can lead to adding attacker to victim acc
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2015-06-25
Header Misconfiguration - PHP API
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2015-06-11
Multiple issues on Checkout Process
Shopify Violation of Secure Design Principles (CWE-657)
None
2015-05-21
Content Spoofing
Shopify Violation of Secure Design Principles (CWE-657)
Unknown
2015-05-05
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895