Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: yelp
RXSS AT https://proze.yelp.com/tmsubscribe.net/vidsn.aspx
Yelp Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2025-06-30
Object Level access control leads to reading user's full requests, sessions, and error messages
Yelp Improper Access Control - Generic (CWE-284)
Medium
2025-01-18
yelp.com and biz.yelp.com ATO via XSS + Cookie Bridge
Yelp Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2023-09-08
Autofill/Autosave password on login
Yelp Insufficiently Protected Credentials (CWE-522)
Medium
2022-10-11
CORS Misconfiguration on trust.yelp.com
Yelp
Medium
2022-10-10
No rate limit on subscribe form
Yelp Business Logic Errors (CWE-840)
Medium
2022-10-05
no rate limit in forgot password session
Yelp
Medium
2022-09-29
Server-side request forgery (ssrf)
Yelp Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2022-09-28
CORS Misconfiguration on Yelp
Yelp
Medium
2022-09-28
password field autocomplete enabled
Yelp Insecure Storage of Sensitive Information (CWE-922)
Medium
2022-09-27
X-Forward-For Header allows to bypass access restrictions
Yelp Improper Access Control - Generic (CWE-284)
Medium
2020-10-26
Email flooding using user invitation feature in biz.yelp.com due to lack of rate limiting
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-09-29
Clickjacking lead to remove review
Yelp
Medium
2020-09-01
CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.
Yelp Improper Access Control - Generic (CWE-284)
Medium
2020-08-21
I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)
Yelp Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2020-08-19
No rate limiting for confirmation email lead to email flooding
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-02-11
DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389
Yelp CVE-2018-6389
Medium
2020-01-17
Click jacking in delete image of user in Yelp
Yelp UI Redressing (Clickjacking) (CAPEC-103)
Medium
2017-11-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895