Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: weblate
Argument Injection in /manage/ssh/ via host parameter leads to sensitive file disclosure on Weblate
Weblate CVE-2026-24126
Unknown
2026-04-26
exposure of personal IP address via email.
Weblate Privacy Violation (CWE-359)
Unknown
2025-07-16
Information Disclosure
Weblate
Low
2024-02-12
Logging in without knowing credentials after logged out action
Weblate
Unknown
2023-06-16
CSRF with logout action
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2023-06-16
Testing flow includes a DeepSource secret
Weblate Use of Hard-coded Credentials (CWE-798)
Low
2023-04-11
No rate limiting for Remove Account lead to huge Mass mailings
Weblate Business Logic Errors (CWE-840)
None
2022-11-20
hosted.weblate.org display of unfiltered results
Weblate
None
2022-01-21
No rate Limit on Add new Translation Project
Weblate Improper Restriction of Authentication Attempts (CWE-307)
Unknown
2021-06-21
Race Condition allows to get more free trials and get more than 100 languages and strings for free
Weblate Business Logic Errors (CWE-840)
Low
2021-02-25
Reset password cookie leads to account takeover
Weblate Reliance on Cookies without Validation and Integrity Checking in a Security Decision (CWE-784)
Medium
2020-10-12
Send Empty CSRF leads to log out user on [https://hosted.weblate.org/accounts/profile]
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-10-12
Open Github Repo Leaking WEBLATE SECRET KEY
Weblate Cleartext Storage of Sensitive Information (CWE-312)
None
2020-07-26
Improper validation of unicode characters#2
Weblate
None
2020-07-26
Secret_key in GitHub
Weblate Information Disclosure (CWE-200)
None
2020-07-18
no captcha for register user and weak question attacker can spam email
Weblate Violation of Secure Design Principles (CWE-657)
Unknown
2019-10-26
HTML injection and information disclosure in support panel
Weblate Information Disclosure (CWE-200)
Medium
2019-07-09
Stored XSS via Create Project (Add new translation project)
Weblate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-09
Stored XSS @ /engage/<project_slug>
Weblate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-02
No Rate On Add Suggest
Weblate Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Low
2019-01-22
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895