Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
4
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
CSRF on launchpad.37signals.com OAuth2 authorization endpoint
Basecamp Cross-Site Request Forgery (CSRF) (CWE-352)
High
2020-10-30
CSRF Vulnerabiliy on Facebook Linkage Page Allows Full Account takerover of Socialclub Accounts.
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
High
2020-06-24
Account takeover through CSRF in http://███████/██████████/default.asp
U.S. Dept Of Defense Cross-Site Request Forgery (CSRF) (CWE-352)
High
2020-06-11
Firmware download/install vulnerable to CSRF
Ubiquiti Inc. Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2020-8168
High
2020-05-29
H1514 CSRF in Domain transfer allows adding your domain to other user's account
Shopify Cross-Site Request Forgery (CSRF) (CWE-352)
High
2020-03-30
Norway - store.starbucks.no - CSRF on email change
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
High
2020-01-23
Cross-Site Request Forgery (CSRF) vulnerability on API endpoint allows account takeovers
Khan Academy Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-06-22
CSRF to HTML Injection in Comments
WordPress Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-05-13
UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
Ubiquiti Inc. Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2019-5430
High
2019-04-28
CSRF in Inviting users
Ping Identity Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-03-26
Issue:Form does not contain an anti-CSRF token
Phabricator Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-03-22
Request vulnerable to CSRF
Phabricator Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-03-22
Account Takeover using Linked Accounts due to lack of CSRF protection
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-02-20
Проверяем принадлеженость email и номера телефона к определенному юзеру / CSRF на смену номера для некоторых пользователей
VK.com Cross-Site Request Forgery (CSRF) (CWE-352)
High
2019-01-28
Site-wide CSRF on eats.uber.com
Uber Cross-Site Request Forgery (CSRF) (CWE-352)
High
2018-12-19
Account takeover at https://try.discourse.org due to no CSRF protection in connecting Yahoo account
Discourse Cross-Site Request Forgery (CSRF) (CWE-352)
High
2018-12-06
CSRF log victim into the attacker account
Unikrn Cross-Site Request Forgery (CSRF) (CWE-352)
High
2018-04-10
CSRF in Raffles Ticket Purchasing
Unikrn Cross-Site Request Forgery (CSRF) (CWE-352)
High
2018-04-10
Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth
WordPress Cross-Site Request Forgery (CSRF) (CWE-352)
High
2017-11-20
[CRITICAL] Full account takeover using CSRF
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
High
2017-11-03
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239