Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: udemy
[affiliates.udemy.com] Wordpress user admin information discloure
Udemy Information Disclosure (CWE-200)
Low
2019-04-28
S3 bucket unnecessarily discloses permissions
Udemy Improper Access Control - Generic (CWE-284)
None
2019-04-26
[engineering.udemy.com] - Subdomain Takeover (ghost.io)
Udemy Improper Access Control - Generic (CWE-284)
Low
2018-06-27
Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com
Udemy
None
2018-05-10
Weak Password
Udemy Violation of Secure Design Principles (CWE-657)
None
2017-08-28
CSRF Token Design Flaw
Udemy Cross-Site Request Forgery (CSRF) (CWE-352)
None
2017-08-28
No password length restriction
Udemy Weak Cryptography for Passwords (CWE-261)
None
2017-08-28
Violation of secure design principle
Udemy Violation of Secure Design Principles (CWE-657)
None
2017-08-17
CSRF Token
Udemy Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-08-17
Content Spoofing in udemy
Udemy Violation of Secure Design Principles (CWE-657)
Low
2017-07-23
Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
Udemy Code Injection (CWE-94)
High
2017-06-17
sweet32
Udemy Cryptographic Issues - Generic (CWE-310)CVE-2016-2183
None
2017-05-04
Showing Up Source Code
Udemy
Unknown
2017-05-04
Subdomain Takeover at Landing.udemy.com
Udemy Privilege Escalation (CAPEC-233)
Low
2017-03-30
Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate
Udemy Improper Authentication - Generic (CWE-287)
Unknown
2017-03-26
Critical : Malware and XSS file can be uploaded and executed on udemy
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-01-10
CSRF in Udemy.com
Udemy Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-01-10
Csrf on creating course
Udemy Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-01-10
Jenkins
Udemy
High
2017-01-10
Udemy s3 storage can be used by an attacker personal website because of missing CSRF Token
Udemy Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-01-05
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895