Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
4
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
XSS via Mod Log Removed Posts
Reddit Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-03-10
Blind XSS on Twitter's internal Jira panel at ████ allows exfiltration of hackers reports and other sensitive data
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2022-02-12
Cross-site Scripting (XSS) - Stored | forum.acronis.com
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-02-08
Stored Cross-site Scripting on devicelock.com/forum/
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-02-08
Cross site scripting via file upload in subdomain ads.tiktok.com
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2022-01-25
Stored XSS at https://linkpop.com
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-01-20
Cross-site Scripting (XSS) - Stored on ads.tiktok.com in Text field
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-01-20
SSRF & Blind XSS in Gravatar email
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-01-17
In orginization stored xss using location (Larksuite survey app)
Lark Technologies Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-01-14
Stored xss on helpdesk using user's city
Lark Technologies Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-01-14
Stored XSS on 1.4.0
ImpressCMS Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2020-17551
Medium
2021-12-18
Stored XSS in files.slack.com
Slack Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-12-02
Stored XSS in Email Templates via link
Judge.me Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-11-18
Stored XSS via Mermaid Prototype Pollution vulnerability
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-18
Stored XSS in profile page
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-11-14
Stored XSS вирус в al_video.php?act=a_choose_video_box
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-05
Stored XSS в m.vk.com/video
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-11-05
Stored XSS in markdown via the DesignReferenceFilter
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-10-18
Stored unauth XSS in calendar event via CSRF
Concrete CMS Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2021-40108
Medium
2021-10-15
Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text"
Concrete CMS Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2021-40100
Medium
2021-10-04
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239