Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: curl
CVE-2023-32001: fopen race condition
curl Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)CVE-2023-32001
Medium
2023-07-25
CVE-2023-28319: UAF in SSH sha256 fingerprint check
curl Use After Free (CWE-416)CVE-2023-28319
Medium
2023-05-24
Cache purge requests are not authenticated
curl Business Logic Errors (CWE-840)
Medium
2023-05-20
CVE-2023-28321: IDN wildcard match
curl Improper Certificate Validation (CWE-295)CVE-2023-28321
Low
2023-05-18
CVE-2023-28322: more POST-after-PUT confusion
curl Expected Behavior Violation (CWE-440)CVE-2023-28322CVE-2022-32221
Low
2023-05-18
CVE-2023-28320: siglongjmp race condition
curl Improper Synchronization (CWE-662)CVE-2023-28320
Low
2023-05-17
CVE-2023-27538: SSH connection too eager reuse still
curl Authentication Bypass by Primary Weakness (CWE-305)CVE-2023-27538
Low
2023-03-22
CVE-2023-27536: GSS delegation too eager connection re-use
curl Authentication Bypass by Primary Weakness (CWE-305)CVE-2023-27536
Low
2023-03-22
CVE-2023-27535: FTP too eager connection reuse
curl Authentication Bypass by Primary Weakness (CWE-305)CVE-2023-27535
Medium
2023-03-22
CVE-2023-27534: SFTP path ~ resolving discrepancy
curl Path Traversal (CWE-22)CVE-2023-27534
Low
2023-03-22
CVE-2023-27533: Telnet option IAC injection
curl Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)CVE-2023-27533
Low
2023-03-22
CVE-2023-27537: HSTS double-free
curl Double Free (CWE-415)CVE-2023-27537
Low
2023-03-20
CVE-2023-23916: HTTP multi-header compression denial of service
curl Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2023-23916CVE-2023-23915
Medium
2023-02-20
CVE-2023-23914: curl HSTS ignored on multiple requests
curl Cleartext Transmission of Sensitive Information (CWE-319)CVE-2023-23914
Low
2023-02-15
CVE-2023-23915: HSTS amnesia with --parallel
curl Cleartext Transmission of Sensitive Information (CWE-319)CVE-2023-23915
Low
2023-02-15
curl file writing susceptible to symlink attacks
curl Business Logic Errors (CWE-840)
Low
2023-01-07
libssh backend CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 validation bypass
curl Business Logic Errors (CWE-840)
Low
2023-01-07
CVE-2022-43552: HTTP Proxy deny use-after-free
curl Use After Free (CWE-416)CVE-2022-43552
Low
2022-12-26
CVE-2022-43551: Another HSTS bypass via IDN
curl Cleartext Transmission of Sensitive Information (CWE-319)CVE-2022-43551CVE-2022-42916
Medium
2022-12-21
CVE-2022-42915: HTTP proxy double-free
curl Double Free (CWE-415)CVE-2022-42915
Medium
2022-11-26
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895