Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Open Akamai ARL XSS on http://media.████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-07-26
Reflected XSS of media.indrive.com
inDrive Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-07-02
Reflected xss on ████████
Mars Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-06-25
[HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-06-18
Reflected XSS via Keycloak on ███ [CVE-2021-20323]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-20323
Medium
2024-05-03
reflected xss [CVE-2020-3580]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2024-05-03
Reflected Cross-site Scripting via search query on ██████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-05-03
Reflected XSS on error message on Login Page
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-05-03
Reflected XSS via Moodle on ███ [CVE-2022-35653]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2022-35653
Medium
2024-05-03
RXSS in hidden parameter
IBM Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-04-23
#2 XSS on watchdocs.indriverapp.com
inDrive Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-04-11
Xss - ███
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Xss Parameter: /<s>/[*]/<s>.css ████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Parâmetro XSS: Nome de usuário - █████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Reflective Cross Site Scripting (XSS) on ███████/Pages
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2017-0255
Medium
2024-03-22
XSS Refelected on jazz.net
IBM Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-02-29
CSP bypass on PortSwigger.net using Google script resources
PortSwigger Web Security Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-02-18
XSS in Subdomain of DuckDuckGo
DuckDuckGo Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-02-01
XSS on terra-6.indriverapp.com
inDrive Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-01-29
Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd]
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-01-12
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239 $9,895