Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: weblate
Reset password cookie leads to account takeover
Weblate Reliance on Cookies without Validation and Integrity Checking in a Security Decision (CWE-784)
Medium
2020-10-12
HTML injection and information disclosure in support panel
Weblate Information Disclosure (CWE-200)
Medium
2019-07-09
Stored XSS via Create Project (Add new translation project)
Weblate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-09
Stored XSS @ /engage/<project_slug>
Weblate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-02
Bypassing captcha in registration on Hosted site
Weblate Uncontrolled Resource Consumption (CWE-400)
Medium
2017-07-03
Open redirect while disconnecting authenticated account
Weblate Open Redirect (CWE-601)
Medium
2017-06-08
CSRF - Changing the full name / adding a secondary email identity of an account via a GET request
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-06-02
CSRF bypass ( Delate Source Translation From dictionaries ) in demo.weblate.org
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-06-02
Login CSRF : Login Authentication Flaw
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-06-02
No BruteForce Protection
Weblate Improper Restriction of Authentication Attempts (CWE-307)
Medium
2017-05-17
CSRF : Lock and Unlock Translation
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-05-17
Rate Limit Bypass on login Page
Weblate Improper Authentication - Generic (CWE-287)
Medium
2017-05-17
CSV export filter bypass leads to formula injection.
Weblate Command Injection - Generic (CWE-77)
Medium
2017-05-17
Activation tokens are not expiring
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-05-17
Open Redirect via "next" parameter in third-party authentication
Weblate Open Redirect (CWE-601)
Medium
2017-05-17
Registration captcha bypass
Weblate Violation of Secure Design Principles (CWE-657)
Medium
2017-05-17
Open redirect in Signing in via Social Sites
Weblate Open Redirect (CWE-601)
Medium
2017-05-17
No Rate Limitting at Change Password
Weblate
Medium
2017-05-17
full path disclosure at hosted.weblate.org/admin/accounts/profile/
Weblate Path Traversal (CWE-22)
Medium
2017-05-17
CSRF to Connect third party Account
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-05-02
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895