Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
5
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
("possible") UAF
curl Memory Corruption - Generic (CWE-119)
None
2025-02-08
Error Page Content Spoofing or Text Injection
XVIDEOS Violation of Secure Design Principles (CWE-657)
Unknown
2025-02-07
CVE-2024-53908: Django Potential SQL injection in `HasKey(lhs, rhs)` on Oracle
Internet Bug Bounty SQL Injection (CWE-89)CVE-2024-53908
High
2025-02-07
CVE-2025-0167: netrc and default credential leak
curl LLM06: Sensitive Information Disclosure CVE-2025-0167CVE-2024-11053
Low
2025-02-07
CVE-2025-0665: eventfd double close
curl Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)CVE-2025-0665
Low
2025-02-07
Error Page Content Spoofing or Text Injection
XVIDEOS Violation of Secure Design Principles (CWE-657)
Low
2025-02-06
CVE-2024-56374 Potential denial-of-service in IPv6 validation
Internet Bug Bounty Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2024-56374
Medium
2025-02-06
XSS on using the legacy "Graphie To Png" API
Khan Academy Cross-site Scripting (XSS) - DOM (CWE-79)
Critical
2025-02-06
Open redirect
XVIDEOS Open Redirect (CWE-601)
None
2025-02-06
[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2024-54133
Low
2025-02-06
ActionView sanitize helper bypass with 'style' and 'svg' tags
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2025-02-06
ActionView sanitize helper bypass with noscript
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2025-02-06
ActionView sanitize helper bypass with style
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2025-02-06
ActionView sanitize helper bypass with style and math
Internet Bug Bounty
Medium
2025-02-06
#2931639 ActionView sanitize helper bypass with math-related tags
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2025-02-06
GOAWAY HTTP/2 frames cause memory leak outside heap
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2025-23085
Medium
2025-02-06
curl allows SSH connection even if host is not in known_hosts
curl Improper Certificate Validation (CWE-295)
High
2025-02-05
CVE-2024-45230 - Potential denial-of-service in django.utils.html.urlize() (Another pattern)
Internet Bug Bounty Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2024-45230
Medium
2025-02-05
Weak credentials found in Jenkins endpoint
IBM
Critical
2025-02-05
CVE-2025-0725: gzip integer overflow
curl Integer Overflow to Buffer Overflow (CWE-680)CVE-2025-0725
Low
2025-02-05
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239