Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
4
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
CSRF in "send them an email and browser notification" feature
Chaturbate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-09-27
CSRF in REPORT EMOTICON feature
Chaturbate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-09-27
CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)
Discourse Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-08-08
Уязвимость дает возможность видеть записи , которые предлагаются пабликам + еще
VK.com Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-06-30
Уязвимость дает возможность смотреть кто лайкал приватным фото или видео
VK.com Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-06-24
remote access to localhost daemon, can issue jsonrpc commands
Monero Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-02-22
Logout CSRF
WakaTime Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-08-29
Posting to Twitter CSRF on php/post_twitter_authenticate.php
Eternal Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-08-19
Csrf in watch-unwatch projects
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-08-17
self cross site scripting
Gratipay Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-07-10
CSRF на сброс ключа трансляции.
VK.com Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-07-09
Information leakage via CSV when content is valid JavaScript
HackerOne Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-05-23
CSRF : Reset API
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-05-17
Logout CSRF
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-05-17
CSRF vulnerability in saving payment card on store.starbucks.com (COBilling -AddCreditCard)
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-05-15
Clickjacking Vulnerability found on Yelp
Yelp Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-05-12
CSRF Token Bypass in Account Deletion
GitLab Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-04-20
Avoid "resend verification email" confusion
Gratipay Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2017-03-20
Order-phishing via Payment ID URL
PortSwigger Web Security Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2016-11-30
Possible CSRF during external programs
HackerOne Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2016-10-18
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239