Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,250
CVE-linked
1,864
Programs
343
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS (Hexo-admin plugin)
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-01-11
Version problem in wordpress leads to the many vulnearability
Nord Security CVE-2019-9787CVE-2019-16222CVE-2019-16219CVE-2019-17674CVE-2019-17671CVE-2019-17672CVE-2019-17673CVE-2019-17669CVE-2019-17670CVE-2019-17675
Low
2020-01-10
DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation
Nord Security CVE-2018-6389
Low
2020-01-08
[atlasboard-atlassian-package] Cross-site Scripting (XSS)
Node.js third-party modules Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2020-01-04
XSS (leads to arbitrary file read in Rocket.Chat-Desktop)
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-01-02
Clickjacking in the admin page
Rocket.Chat UI Redressing (Clickjacking) (CAPEC-103)
Low
2020-01-02
Stored XSS in Shopify Chat
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2019-12-23
SSO through odnoklassniki uses http rather than https
Bumble Cleartext Transmission of Sensitive Information (CWE-319)
Low
2019-12-21
Redirection through referer tag
Stripo Inc
Low
2019-12-18
Camo Image Proxy Bypass with CSS Escape Sequences
Chaturbate Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)
Low
2019-12-18
IDOR in Bugs overview enables attacker to determine the date range a hackathon was active
HackerOne Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2019-12-13
Head pipeline leaked to unauthorized users via blocking merge request feature
GitLab Improper Access Control - Generic (CWE-284)CVE-2019-15580
Low
2019-12-13
Private System Note Disclosure using GraphQL
GitLab Information Disclosure (CWE-200)CVE-2019-15576
Low
2019-12-13
Project Milestones Disclosed Via Groups When the Victim disabled milestones access in project settings
GitLab Information Disclosure (CWE-200)CVE-2019-15577
Low
2019-12-13
Мини-уязвимость в обработке ссылок
VK.com
Low
2019-12-10
XSS on product comments in transfers
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2019-12-09
Reflected XSS in https://lite.pubg.com
PUBG Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2019-12-09
Reflected XSS in pubg.com
PUBG Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2019-12-09
Staging Rabbitmq instance is exposed to the internet with default credentials
Unikrn Improper Authentication - Generic (CWE-287)
Low
2019-12-09
CSRF vulnerability that allows an attacker to modify encryption settings
Nextcloud Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-12-07
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl459
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239