Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,245

CVE-linked

1,864

Programs

343

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Open Akamai ARL XSS at ████████

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-04-07

XSS Reflected - ███

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-04-07

XSS Reflected at https://sketch.pixiv.net/ Via `next_url`

pixiv Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-03-23

Reflected XSS - in Email Input

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-03-18

CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-42567

Medium

2022-03-18

XSS because of Akamai ARL misconfiguration on ████

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-03-18

RXSS on https://equifax.gr8people.com on Password Reset page in the username parameter

Equifax-vdp Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-03-09

Reflected XSS at https://█████████ via "███" parameter

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-02-14

Reflected XSS at https://█████ via "██████████" parameter

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-02-14

Reflected XSS at https://██████████/████████ via "███████" parameter

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-02-14

Reflected XSS at https://██████/██████ via "██████" parameter

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-02-14

Reflected XSS at https://██████/██████████ via "████████" parameter

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-02-14

RXSS ON https://██████████

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-02-14

Reflected xss on ads.tiktok.com using `from` parameter.

TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)

High

2022-02-09

Reflected Xss On https://vk.com/search

VK.com Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-02-01

XSS via X-Forwarded-Host header

Omise Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-01-29

xss reflected on imgur.com

Imgur Cross-site Scripting (XSS) - Reflected (CWE-79)

Unknown

2022-01-22

[https://app.recordedfuture.com] - Reflected XSS via username parameter

Recorded Future Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-01-21

Reflected XSS online-store-git.shopifycloud.com

Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-01-20

Reflected XSS on https://███/████via hidden parameter "█████████"

U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-01-19

Top Weakness Types

Most Active Programs

Program	Reports	Max $
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	$2,257
HackerOne	609	—
Nextcloud	584	—
Shopify	464	—
curl	457	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	—

Goal Reached Thanks to every supporter — we hit 100%!

Bug Bounty Intelligence