Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Critical Deadlock Vulnerability in Monero RPC Leading to Complete Node Paralysis
Monero Uncontrolled Resource Consumption (CWE-400)
Critical
2026-05-06
WordPress application vulnerable to DoS attack via wp-cron.php
U.S. Dept Of Defense Uncontrolled Resource Consumption (CWE-400)
Critical
2023-04-14
DoS at █████(CVE-2018-6389)
U.S. Dept Of Defense Uncontrolled Resource Consumption (CWE-400)CVE-2018-6389
Critical
2023-03-24
DoS at ████████ (CVE-2018-6389)
U.S. Dept Of Defense Uncontrolled Resource Consumption (CWE-400)CVE-2018-6389
Critical
2023-02-24
HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2021-22883
Critical
2021-03-15
xmlrpc.php FILE IS enabled it will used for Bruteforce attack and Denial of Service(DoS)
BlockDev Sp. Z o.o Uncontrolled Resource Consumption (CWE-400)
Critical
2021-02-12
Mission completed. Grinch Networks is down and Christmas saved.
h1-ctf Uncontrolled Resource Consumption (CWE-400)
Critical
2021-01-12
Hacky Holidays CTF Writeup
h1-ctf Uncontrolled Resource Consumption (CWE-400)
Critical
2021-01-12
[CTF] I've DDoSed Grinch Network
h1-ctf Uncontrolled Resource Consumption (CWE-400)
Critical
2021-01-11
Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2020-8251
Critical
2020-10-17
Malformed HTTP/2 SETTINGS frame leads to reachable assert
Node.js Uncontrolled Resource Consumption (CWE-400)
Critical
2020-07-03
Prototype pollution in multipart parsing
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2020-8136
Critical
2020-02-28
Lodash "difference" (possibly others) Function Denial of Service Through Unvalidated Input
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
Critical
2019-12-04
Prototype pollution attack (extend)
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2018-16492
Critical
2018-08-22
`memjs` allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2018-3767
Critical
2018-06-27
Fastify denial-of-service vulnerability with large JSON payloads
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)CVE-2018-3711
Critical
2018-01-25
DoS: type confusion in mrb_no_method_error
shopify-scripts Uncontrolled Resource Consumption (CWE-400)
Critical
2017-03-01
Type confusion in mrb_exc_set leading to memory corruption
shopify-scripts Uncontrolled Resource Consumption (CWE-400)
Critical
2016-12-16
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895