Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: aws_vdp
SQL Injection Detection Bypass in AWS WAF Managed Rules (AWSManagedRulesSQLiRuleSet)
AWS VDP SQL Injection (CWE-89)
None
2026-04-15
Encryption context keys and values logged at INFO level
AWS VDP Insertion of Sensitive Information into Log File (CWE-532)
None
2026-04-10
Health check errors silently dropped when channel buffer full
AWS VDP
None
2026-04-07
Arbitrary Code Execution via Scanner Bypass in **aws-diagram-mcp-server** `exec()` Namespace
AWS VDP
None
2026-03-09
Password Reuse Vulnerability on AWS Sign-in Page via Password Reset Flow leads to Security Policy Violation
AWS VDP Weak Password Requirements (CWE-521)
None
2026-02-26
Unlimited Reuse of Coupon Code Allows Free Shipping on All Orders on ██████████
AWS VDP Business Logic Errors (CWE-840)
Low
2026-02-09
Command Injection on Amazon Q Developer CLI via malicious .amazonq/mcp.json leads to arbitrary code execution
AWS VDP Command Injection - Generic (CWE-77)
None
2026-01-16
Non-Production API Endpoints for the AI Ops Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration
AWS VDP Insufficient Logging (CWE-778)
Medium
2026-01-06
AWS Auto Scaling Service Reporting "AWS Internal" for CloudTrail Events Generated from Specific Endpoints
AWS VDP Insufficient Logging (CWE-778)
Medium
2026-01-05
Existence of completed pods allows for bypass of Kubernetes NetworkPolicy
AWS VDP Improper Access Control - Generic (CWE-284)
Medium
2025-11-19
Responsible disclosure - public S3 bucket exposing JSON/config files
AWS VDP Information Disclosure (CWE-200)
Low
2025-11-14
AWS | Self Registration Internal LibreChat : Access to internal/proprietary LLMs
AWS VDP Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Low
2025-08-25
Remote Code Execution in Amazon MWAA due to outdated Apache Airflow version
AWS VDP Code Injection (CAPEC-242)CVE-2024-39877
None
2025-08-14
XSS on Amazon Aquisition: elemental
AWS VDP Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2025-07-22
Private AWS AMIs are temporarily being exposed publicly
AWS VDP
None
2025-05-29
Non-Production API Endpoints for the bedrock-agent Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
AWS VDP Insufficient Logging (CWE-778)
Medium
2025-05-28
Non-Production API Endpoints for the bedrock Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
AWS VDP Insufficient Logging (CWE-778)
Medium
2025-05-28
Non-Production API Endpoint for the EventBridge Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration
AWS VDP Insufficient Logging (CWE-778)
Medium
2025-05-28
Non-Production API Endpoints for the Global Accelerator Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
AWS VDP Insufficient Logging (CWE-778)
Medium
2025-05-28
Non-Production API Endpoints for the Health Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
AWS VDP Insufficient Logging (CWE-778)
Medium
2025-05-28
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895