Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,240
CVE-linked
1,863
Programs
342
New This Week
20
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
XSS DUE TO CVE-2020-3580
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2021-07-29
Reflected XSS - https://███
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
XSS Reflected on https://███ (███ parameter)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
xss on https://███████(█████████ parameter)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
xss reflected on https://███████- (███ parameters)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
Cross site scripting
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
Reflected XSS via "Error" parameter on https://admin.acronis.com/admin/su/
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-19
Reflected XSS at [████████]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-30
CSRF Based XSS @ https://██████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-30
[www.███] Reflected Cross-Site Scripting
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-30
[█████████] Reflected Cross-Site Scripting Vulnerability
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-30
Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to creating an admin user in WordPress
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-22
Reflected XSS through ClickJacking
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-15
Reflected XSS
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
Reflected XSS at www.███████ at /██████████ via the ████████ parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2017-14651
Medium
2021-06-03
Reflected XSS through clickjacking at https://████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
Reflected XSS on https://██████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
Reflected XSS on /admin/stats.php
Revive Adserver Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-22948
Medium
2021-06-03
Reflected XSS on mtnhottseat.mtn.com.gh
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-05-24
Moodle XSS on evolve.glovoapp.com
Glovo Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-05-12
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl455
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239