Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,247
CVE-linked
1,864
Programs
343
New This Week
25
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Html Injection and Possible XSS via MathML
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Critical
2019-09-03
OS Command Injection in Nexus Repository Manager 2.x
Central Security Project OS Command Injection (CWE-78)CVE-2019-5475
Critical
2019-08-20
Trace.axd page leaks sensitive information
U.S. Dept Of Defense Information Exposure Through Debug Information (CWE-215)
Critical
2019-08-19
accounts.informatica.com - RCE due to exposed Groovy console
Informatica Code Injection (CWE-94)
Critical
2019-08-14
Potential pre-auth RCE on Twitter VPN
X / xAI OS Command Injection (CWE-78)CVE-2019-11510CVE-2019-11542CVE-2019-11539CVE-2019-11538CVE-2019-11508CVE-2019-11540
Critical
2019-08-10
Public Github Repo Leaking Internal Credentials Leading To DiscoveryIQ Docker Access
Informatica Information Disclosure (CWE-200)
Critical
2019-08-06
SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database
Starbucks SQL Injection (CWE-89)
Critical
2019-08-06
Handling of `tracking` command allows making arbitrary blind requests with user's cookies from Grammarly Extension's origin
Superhuman (formerly Grammarly)
Critical
2019-08-01
Privilege Escalation удаляем все созданные ссылки с okl.lt
ok.ru Privilege Escalation (CAPEC-233)
Critical
2019-07-23
[okl.lt] Раскрытие администраторских функций в .js + Возможность использования этих функций.
ok.ru Privilege Escalation (CAPEC-233)
Critical
2019-07-23
Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice
Starbucks SQL Injection (CWE-89)
Critical
2019-07-22
Arbitrary SQL command injection
Nextcloud SQL Injection (CWE-89)CVE-2019-5476
Critical
2019-07-21
Local files could be overwritten in GitLab, leading to remote command execution
GitLab Command Injection - Generic (CWE-77)
Critical
2019-07-17
OLO Total price manipulation using negative quantities
Upserve Business Logic Errors (CWE-840)
Critical
2019-07-06
Zero-amount miner TX + RingCT allows monero wallet to receive arbitrary amount of monero
Monero Resource Injection (CWE-99)
Critical
2019-07-03
Remote P2P DoS
Monero
Critical
2019-07-03
RCE on █████ via CVE-2017-10271
U.S. Dept Of Defense Code Injection (CWE-94)CVE-2017-10271
Critical
2019-07-01
Remote Code Execution through Deserialization Attack in OwnBackup app.
ownCloud Deserialization of Untrusted Data (CWE-502)
Critical
2019-07-01
Expired reshare links allow access to all files in share
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2020-8121
Critical
2019-06-27
Remote Code Execution on www.semrush.com/my_reports on Logo upload
Semrush Command Injection - Generic (CWE-77)
Critical
2019-06-24
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239