Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
5
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation
Adobe Uncontrolled Resource Consumption (CWE-400)CVE-2018-6389
Medium
2022-10-13
ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year
GitLab Uncontrolled Resource Consumption (CWE-400)
Medium
2022-09-13
monerod JSON RPC server remote DoS
Monero Uncontrolled Resource Consumption (CWE-400)
Medium
2022-09-12
xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
Top Echelon Software Uncontrolled Resource Consumption (CWE-400)
Medium
2022-08-08
Enrolling to a CA that returns an empty response crashes the node process
Linux Foundation Decentralized Trust Uncontrolled Resource Consumption (CWE-400)
Medium
2022-08-06
Improper input-size validation on the user new session name can result in server-side DDoS.
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2022-29243
Medium
2022-05-31
Memory leak in CURLOPT_XOAUTH2_BEARER
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2022-05-13
Regular Expression Denial of Service vulnerability
Reddit Uncontrolled Resource Consumption (CWE-400)CVE-2021-32640
Medium
2022-04-12
Denial of Service vulnerability in curl when parsing MQTT server response
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2022-03-28
Use of uninitialized value of in req_parsebody method of lua_request.c
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-22719
Medium
2022-03-17
Specific Payload makes a Users Posts unavailable
FetLife Uncontrolled Resource Consumption (CWE-400)
Medium
2022-01-26
Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack
HackerOne Uncontrolled Resource Consumption (CWE-400)
Medium
2021-12-22
Ruby - Regular Expression Denial of Service Vulnerability of Date Parsing Methods
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2021-41817
Medium
2021-11-19
ReDoS in syntax highlighting due to Rouge
GitLab Uncontrolled Resource Consumption (CWE-400)
Medium
2021-11-15
Web Cache Poisoning leading to DoS
U.S. General Services Administration Uncontrolled Resource Consumption (CWE-400)
Medium
2021-11-08
Hash-Collision Denial-of-Service Vulnerability in Markdown Parser
Reddit Uncontrolled Resource Consumption (CWE-400)
Medium
2021-10-21
1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch
Fastify Uncontrolled Resource Consumption (CWE-400)CVE-2021-22964
Medium
2021-10-11
Denial of Service via Hyperlinks in Posts
Slack Uncontrolled Resource Consumption (CWE-400)
Medium
2021-10-03
DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f)
LY Corporation Uncontrolled Resource Consumption (CWE-400)
Medium
2021-09-24
2 Bypass of #1067533 rate limit via X-Forwarded-For<space>: Source IP on ( www.trycourier.app )
Courier Uncontrolled Resource Consumption (CWE-400)
Medium
2021-08-27
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239