Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
4
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Theft of protected files on Android
ownCloud Violation of Secure Design Principles (CWE-657)
Low
2022-03-17
Race condition in User comments Likes
Eternal Violation of Secure Design Principles (CWE-657)
Low
2022-02-09
ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT
Mattermost Violation of Secure Design Principles (CWE-657)CVE-2021-37862
Low
2022-01-05
Design Issues at Main Domain
Sifchain Violation of Secure Design Principles (CWE-657)
Low
2021-12-09
No Rate Limit on redditgifts gift when Adding Comment
Reddit Violation of Secure Design Principles (CWE-657)
Low
2021-10-21
Shopify.com Web Cache Deception vulnerability leads to personal information and CSRF tokens leakage
Shopify Violation of Secure Design Principles (CWE-657)
Low
2021-10-21
Broken Link on TikTokUS.Info
TikTok Violation of Secure Design Principles (CWE-657)
Low
2021-10-01
No Rate Limit On Reset Password
UPchieve Violation of Secure Design Principles (CWE-657)
Low
2021-08-31
A profile page of a user can be denied from loading by appending .html to the username
GitLab Violation of Secure Design Principles (CWE-657)
Low
2021-08-30
hackers.upchieve.org and argocd.upchieve.org is not preloaded.
UPchieve Violation of Secure Design Principles (CWE-657)
Low
2021-07-28
Error Page Content Spoofing or Text Injection
Basecamp Violation of Secure Design Principles (CWE-657)
Low
2021-07-14
Broken Link on Urban Company's Vulnerability Submission Form
Urban Company Violation of Secure Design Principles (CWE-657)
Low
2021-06-21
Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone
Ping Identity Violation of Secure Design Principles (CWE-657)
Low
2021-06-16
HTTPS not enforced at dex.sifchain.finance
Sifchain Violation of Secure Design Principles (CWE-657)
Low
2021-06-10
Failure to Invalid Session after Password Change
Liberapay Violation of Secure Design Principles (CWE-657)
Low
2021-03-12
User password left in memory in plain text after GUI launch
Nord Security Violation of Secure Design Principles (CWE-657)
Low
2021-01-24
Session misconfiguration on change password feature at https://apps-staging.pingone.com/myaccount/?environmentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#
Ping Identity Violation of Secure Design Principles (CWE-657)
Low
2020-11-16
Possibility to freeze/crash the host system of all Slack Desktop users easily
Slack Violation of Secure Design Principles (CWE-657)
Low
2020-11-10
No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org
Brave Software Violation of Secure Design Principles (CWE-657)
Low
2020-11-09
Broken Authentication and Session Management Flaw After Change Password and Logout
Omise Violation of Secure Design Principles (CWE-657)
Low
2020-11-08
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239