Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,232
CVE-linked
1,859
Programs
342
New This Week
13
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Heap overflow happen when receiving short length key from ssh server using ssh protocol 1
PuTTY (European Commission - DIGIT) Heap Overflow (CWE-122)
High
2019-09-20
Mailsploit: a sender spoofing bug in over 30 email clients
Internet Bug Bounty User Interface (UI) Misrepresentation of Critical Information (CWE-451)
High
2019-09-19
Information Disclosure through Sentry Instance ███████
Eternal Information Exposure Through Debug Information (CWE-215)
High
2019-09-19
AppLovin API Key hardcoded in a Github repo
X / xAI Cleartext Storage of Sensitive Information (CWE-312)
High
2019-09-18
DoS through PeerExplorer
Rootstock Labs Uncontrolled Resource Consumption (CWE-400)
High
2019-09-18
Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution
Valve Stack Overflow (CWE-121)
High
2019-09-17
User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files
Slack
High
2019-09-14
ZeroMQ libzmq remote code execution
Internet Bug Bounty Memory Corruption - Generic (CWE-119)CVE-2019-6250
High
2019-09-12
Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation
Internet Bug Bounty Privilege Escalation (CAPEC-233)CVE-2019-0211CVE-2019-6977
High
2019-09-11
Linux kernel: CVE-2017-1000112: a memory corruption due to UFO to non-UFO path switch
Internet Bug Bounty Memory Corruption - Generic (CWE-119)CVE-2017-1000112
High
2019-09-11
Linux kernel: CVE-2017-7308: a signedness issue in AF_PACKET sockets
Internet Bug Bounty Memory Corruption - Generic (CWE-119)CVE-2017-7308
High
2019-09-11
Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem
Internet Bug Bounty Man-in-the-Middle (CWE-300)
High
2019-09-10
[bower] Arbitrary File Write through improper validation of symlinks while package extraction
Internet Bug Bounty Path Traversal (CWE-22)CVE-2019-5484
High
2019-09-10
Steal collateral during `end` process, by earning DSR interest after `flow`.
BlockDev Sp. Z o.o Business Logic Errors (CWE-840)
High
2019-09-09
Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter
Uber Information Disclosure (CWE-200)
High
2019-09-09
Insecure Zendesk SSO implementation by generating JWT client-side
Trint Ltd Password in Configuration File (CWE-260)
High
2019-09-08
Stored XSS in Wiki pages
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-5467
High
2019-09-02
User Editable nextcloud Wiki pages of Public Repositories
Nextcloud
High
2019-08-31
URL Advisor component in KIS products family is vulnerable to Universal XSS
Kaspersky Cross-site Scripting (XSS) - Generic (CWE-79)
High
2019-08-28
Subdomain takeover of datacafe-cert.starbucks.com
Starbucks Privilege Escalation (CAPEC-233)
High
2019-08-28
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud583
Shopify464
curl447
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239