Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: tiktok
Chained Broken Access Control in TikTok Live Backstage Enables Full Control of Public Leaderboard Activities
TikTok Privilege Escalation (CAPEC-233)
Medium
2025-09-11
Stored XSS on TikTok's backend leads to the leakage of highly sensitive administrator data (Cookies, API Keys, Internal Paths, Emails, phone numbers).
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2025-09-11
Chain Vulnerability lead to Full Control Group Live Accounts & Undeletable Creator
TikTok Privilege Escalation (CAPEC-233)
Medium
2025-07-08
Unauthorized Access to TikTok Account [Private Videos] via API Endpoint
TikTok Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2025-01-24
CSRF in ticket function
TikTok Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2024-11-05
Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products
TikTok Business Logic Errors (CWE-840)
Medium
2024-07-19
Using Branded Hashtag Feature User Partnered with Account Manager Can View Videos Uploaded By A Private TikTok Account If 'item_id' Is Known
TikTok Information Disclosure (CWE-200)
Medium
2024-04-03
Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd]
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-01-12
RXSS on TikTok endpoints
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-01-09
RXSS via region parameter
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-01-09
1 Click to 'Close Account and Refund' via POSTMESSAGE
TikTok Improper Access Control - Generic (CWE-284)
Medium
2024-01-03
CRLF injection leads to internal XSS on PangleGlobal
TikTok CRLF Injection (CWE-93)
Medium
2023-10-31
Stored XSS Via Ads Account Name
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2023-09-12
Dom XSS and open redirect in TikTok seller endpoint
TikTok Cross-site Scripting (XSS) - DOM (CWE-79)
Medium
2023-08-07
CSRF in seller-us.tiktok.com/profile/account-setting/delegation-login
TikTok Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2023-07-26
CSRF protection bypass on TikTok Webcast Endpoints
TikTok Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2023-07-12
Unrestricted File Upload on https://partner.tiktokshop.com/wsos_v2/oec_partner/upload
TikTok Unrestricted Upload of File with Dangerous Type (CWE-434)
Medium
2023-04-12
TikTok 2FA Bypass
TikTok Improper Authorization (CWE-285)
Medium
2023-02-03
bypass two-factor authentication in Android apps and web
TikTok Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Medium
2023-01-09
Ability to change permissions across seller platform
TikTok Improper Access Control - Generic (CWE-284)
Medium
2022-12-06
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895