Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,219

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: snapchat✕

XSS found on Snapchat website

Snapchat Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2018-05-26

Subdomain Takeover via Unclaimed WordPress site

Snapchat Improper Authentication - Generic (CWE-287)

Medium

2017-10-06

Subdomain Takeover via unclaimed UserVoice domain

Snapchat Privilege Escalation (CAPEC-233)

High

2017-10-04

RCE/LFI on test Jenkins instance due to improper authentication flow

Snapchat Improper Access Control - Generic (CWE-284)

Medium

2017-08-19

Open prod Jenkins instance

Snapchat Information Disclosure (CWE-200)

High

2017-08-19

[spectacles.com] Bypassing quantity limit in orders

Snapchat HTTP Request Smuggling (CWE-444)

Medium

2017-08-12

CRLF Injection at vpn.bitstrips.com

Snapchat CRLF Injection (CWE-93)

Medium

2017-06-15

RTLO char allowed in chat

Snapchat UI Redressing (Clickjacking) (CAPEC-103)

Medium

2017-02-28

[render.bitstrips.com] Stored XSS via an incorrect avatar property value

Snapchat Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2017-01-04

Bypassing "You've requested your data the maximum number of times today." + "Please Verify an email address with snapchat to continue"

Snapchat Improper Authentication - Generic (CWE-287)

Unknown

2016-11-25

Subdomain takeover of blog.snapchat.com

Snapchat

Unknown

2016-10-05

Incoming email hijacking on sc-cdn.net

Snapchat Misconfiguration (CWE-16)

Unknown

2016-09-23

Subdomain takeover on http://fastly.sc-cdn.net/

Snapchat Violation of Secure Design Principles (CWE-657)

Unknown

2016-08-22

Administrator access to a Django Administration Panel on *.sc-corp.net via bruteforced credentials

Snapchat Improper Authentication - Generic (CWE-287)

Unknown

2016-07-14

Subdomain takeover in http://support.scan.me pointing to Zendesk (a Snapchat acquisition)

Snapchat Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2016-02-16

Password Reset - query param overrides postdata

Snapchat Privilege Escalation (CAPEC-233)

Unknown

2015-12-24

Vulnerable to JavaScript injection. (WXS) (Javascript injection)!

Snapchat Command Injection - Generic (CWE-77)

Unknown

2015-10-22

Captcha Bypass in Snapchat's Geofilter Submission Process

Snapchat Violation of Secure Design Principles (CWE-657)

Unknown

2015-05-04

Top Weakness Types

Most Active Programs

Program	Reports	Max $
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	439	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	$9,895

Goal Reached Thanks to every supporter — we hit 100%!

Bug Bounty Intelligence