Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,250
CVE-linked
1,864
Programs
343
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
XSS on ecommerce.shopify.com
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-09-06
Stored XSS On Statement
Gratipay Cross-site Scripting (XSS) - Generic (CWE-79)
High
2015-09-03
Reflected XSS in chat.
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-09-02
XSS https://www.shopify.com/signup
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-08-31
No CSRF protection when creating new community points actions, and related stored XSS
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-08-26
XSS https://delivery.shopifyapps.com/ (Digital Downloads App in myshopify.com)
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-08-24
XSS - Gallery Search Listing
Zaption Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-08-12
Reflected XSS in chat
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-08-11
XSS in Search Communities Function
Informatica Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2015-07-31
Bulk Discount App in myshopify.com exposes http://bulkdiscounts.shopifyapps.com vulnerable to XSS
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-23
XSS in Myshopify Admin Site in DISCOUNTS
Shopify Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-20
xss profile
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-16
Multiple XSS Vulnerabilities in Concrete5 5.7.3.1
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-15
Cross site scripting
Enter Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-12
xss on autoserch
Udemy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Self Xss on File Replace
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS on Blog's page Tile
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS in Image Alt. Text
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS in Message to Display When No Pages Listed.
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS in Bio/Quote
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl459
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239