Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
3
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Wrong settings in ADF Faces leads to information disclosure
U.S. Dept Of Defense Information Disclosure (CWE-200)
High
2022-01-19
Dom Xss vulnerability
Recorded Future Cross-site Scripting (XSS) - DOM (CWE-79)
High
2022-01-19
SSRF & Blind XSS in Gravatar email
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-01-17
SQL Injection and plaintext passwords via User Search
IBM SQL Injection (CWE-89)
High
2022-01-14
Deserialization of potentially malicious data to RCE
Django Deserialization of Untrusted Data (CWE-502)CVE-2021-33026
High
2022-01-14
Bug Report : [ No Valid SPF Records ]
Ruby
High
2022-01-13
Account Takeover via SMS Authentication Flow
Zenly Improper Authentication - Generic (CWE-287)
High
2022-01-12
Clickjacking to change email address
Gener8 UI Redressing (Clickjacking) (CAPEC-103)
High
2022-01-12
Subdomain takeover of images.crossinstall.com
X / xAI Business Logic Errors (CWE-840)
High
2022-01-05
Buffer overflow in req_parsebody method in lua_request.c
Internet Bug Bounty Heap Overflow (CWE-122)CVE-2021-44790
High
2022-01-04
Improper authorization allows disclosing users' notification data in Notification channel server
LY Corporation Improper Authorization (CWE-285)
High
2021-12-31
Выполнение API-методов при открытии сообщества/приложения
VK.com Privilege Escalation (CAPEC-233)
High
2021-12-30
Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me)
LY Corporation Improper Access Control - Generic (CWE-284)
High
2021-12-27
LINE Profile ID leaks in OpenChat
LY Corporation
High
2021-12-27
Cache Poisoning DoS on downloads.exodus.com
Exodus Uncontrolled Resource Consumption (CWE-400)
High
2021-12-22
Cache poisoning Denial of Service affecting assets.gitlab-static.net
GitLab Uncontrolled Resource Consumption (CWE-400)
High
2021-12-22
Просмотр закрытых фотографий
VK.com Information Disclosure (CWE-200)
High
2021-12-15
Zero day path traversal vulnerability in Grafana 8.x allows unauthenticated arbitrary local file read
Aiven Ltd Path Traversal (CWE-22)
High
2021-12-14
Universal Cross-Site Scripting vulnerability
Proctorio Cross-site Scripting (XSS) - Generic (CWE-79)
High
2021-12-14
[dubsmash] Long String in 'shoutout' Parameter Leading Internal server Error on Popular hastags , Community and User Profile
Reddit Uncontrolled Resource Consumption (CWE-400)
High
2021-12-13
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239