Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,244
CVE-linked
1,864
Programs
343
New This Week
24
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Reflected XSS on www/delivery/afr.php
Revive Adserver Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-8115
Medium
2020-01-21
Reflected xss on 8x8.vc
8x8 Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-01-15
Reflected + Stored XSS - https://discussion.evernote.com
Evernote Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-01-03
RXSS to Stored XSS - forums.pubg.com | URL parameter
PUBG Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-01-02
stripo.email reflected xss
Stripo Inc Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-26
Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-12
Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-12
CSS injection in avito.ru via IE11
Avito Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-12
Unauthenticated reflected XSS in preview_as_user function
Concrete CMS Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-06
[█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-02
[██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-02
[███████] Reflected GET XSS (/mission.php?...&missionDate=*)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-02
Corda Server XSS ████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-02
Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-11-13
A reflected XSS in python/Lib/DocXMLRPCServer.py
Internet Bug Bounty Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2019-16935
Medium
2019-10-19
Xss on community.imgur.com
Imgur Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-09-03
Reflected XSS / Markup Injection in `index.php/svg/core/logo/logo` parameter `color`
Nextcloud Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-8120
Medium
2019-08-29
Reflected XSS: Taxonomy Converter via tax parameter
WordPress Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-08-28
Reflected XSS on https://inventory.upserve.com/ (affects IE users only)
Upserve Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-08-06
Reflected XSS in https://www.starbucks.co.jp/store/search/
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-05-22
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239