Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
4
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Chained vulnerabilities create DOS attack against users on desafio5estrelas.com
Uber Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2021-03-30
Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover
Automattic Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2021-02-17
[tumblr.com] CSRF in /svc/user/filtered_content
Automattic Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-12-26
User In The Same Center Can Create CSRF To Change The Information About Business
TikTok Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-12-18
[Admin Panel] CSRF to resume/pause runner
GitLab Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2020-13350
Low
2020-12-01
Send Empty CSRF leads to log out user on [https://hosted.weblate.org/accounts/profile]
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-10-12
CSRF Vulnerability on post creation page /community/create-post.json
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-07
csrf in https://www.rockstargames.com/reddeadonline/feedback/submit.json
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-07
Logout page does not prevent CSRF
Courier Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-06
Login CSRF vulnerability on hackerone.com
HackerOne Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-06-12
CSRF header is sent to external websites when using data-remote forms
Ruby on Rails Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2020-8167CVE-2015-1840
Low
2020-05-26
Periscope iOS app CSRF in follow action due to deeplink
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-03-31
Periscope android app deeplink leads to CSRF in follow action
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-02-21
CSRF vulnerability that allows an attacker to modify encryption settings
Nextcloud Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-12-07
Missing CSRF Token On Remove Coupun From Cart
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-02-08
Missing CSRF Token On Add Coupon To Basket
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-01-22
CSRF | Ban or unban users in broadcast's chat
Valve Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-01-07
Found CSRF Vulnerability in https://support.rockstargames.com/
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-10-16
vulnerable to Cross-site Request Forgery | Jira
MariaDB Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-10-12
CSRF on change video thumbnail at https://chaturbate.com
Chaturbate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-10-07
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239