Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
3
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
[h1-2006 2020] Writeup h12006 CTF
h1-ctf Privilege Escalation (CAPEC-233)
High
2020-06-19
Unauthorised Account Detail Modification
Khan Academy Improper Access Control - Generic (CWE-284)
High
2020-06-19
[sapper] Path Traversal
Node.js third-party modules Path Traversal (CWE-22)
High
2020-06-18
[wappalyzer] ReDoS allows an attacker to completely break Wappalyzer
Node.js third-party modules Uncontrolled Resource Consumption (CWE-400)
High
2020-06-18
SAML authentication bypass
Rocket.Chat Improper Authentication - Generic (CWE-287)
High
2020-06-18
[H1-2006 2020] Solution for the h1-2006 CTF challenge
h1-ctf Privilege Escalation (CAPEC-233)
High
2020-06-18
unpermitted user can change the device name of admin account
Helium
High
2020-06-16
DOM XSS on duckduckgo.com search
DuckDuckGo
High
2020-06-14
Local Privilege escalation to root via XPC
Clario Privilege Escalation (CAPEC-233)
High
2020-06-14
DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features
Rockstar Games Cross-site Scripting (XSS) - DOM (CWE-79)
High
2020-06-12
DOM Based xss on https://www.rockstargames.com/ ( 1 )
Rockstar Games Cross-site Scripting (XSS) - DOM (CWE-79)
High
2020-06-12
Warehouse dom based xss may lead to Social Club Account Taker Over.
Rockstar Games Cross-site Scripting (XSS) - DOM (CWE-79)
High
2020-06-11
Account takeover through CSRF in http://███████/██████████/default.asp
U.S. Dept Of Defense Cross-Site Request Forgery (CSRF) (CWE-352)
High
2020-06-11
Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
High
2020-06-11
Stored XSS agent_status
8x8 Cross-site Scripting (XSS) - Stored (CWE-79)
High
2020-06-09
Bypass Email activation on http://axa.dxi.eu
8x8 Improper Access Control - Generic (CWE-284)
High
2020-06-09
Sensitive data disclosure via exposed phpunit file
8x8 Information Disclosure (CWE-200)
High
2020-06-09
Open TURN relay abuse is possible due to lack of peer access control (Critical)
8x8 Server-Side Request Forgery (SSRF) (CWE-918)
High
2020-06-08
SSRF on project import via the remote_attachment_url on a Note
GitLab Server-Side Request Forgery (SSRF) (CWE-918)
High
2020-06-07
HTTP Request Smuggling
Brave Software HTTP Request Smuggling (CWE-444)
High
2020-06-04
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239