Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
6
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Persistent CSRF in /GiftCert-AddToBasket prevents purchases on eCommerce sites
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
High
2017-05-15
CSRF vulnerability in saving payment card on store.starbucks.com (COBilling -AddCreditCard)
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-05-15
Clickjacking Vulnerability found on Yelp
Yelp Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-05-12
Information disclosure - emails disclosed in response > staging.seatme.us
Yelp Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-05-11
CSRF to Connect third party Account
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-05-02
CSRF Token Bypass in Account Deletion
GitLab Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-04-20
HackerOne is still prone to Internet Explorer UXSS
HackerOne Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-04-19
CSRF token validation is missing
Nextcloud Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-04-19
CSRF on cards API
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-04-11
CSRF in all API endpoints when authenticated using HTTP Authentication
Shopify Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-03-28
Avoid "resend verification email" confusion
Gratipay Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-03-20
Cross-site request forgery vulnerability on a DoD website
U.S. Dept Of Defense Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-03-16
CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php'
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-03-10
CSRF on signup endpoint (auto-api.yelp.com)
Yelp Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-03-01
CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments)
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-02-13
Добавление в меню сообщества без ведома пользователя (нажатия пользователем)
VK.com Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-02-13
Уязвимость Создание фотографий без ведома пользователей
VK.com Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-02-09
apps.shopify.com - CSRF token leakage through Google Analytics
Shopify Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-02-07
CSRF Attack on (m.badoo.com)deleting account and erasing imported contacts
Bumble Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-02-06
CSRF in Udemy.com
Udemy Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-01-10
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239