Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,247
CVE-linked
1,864
Programs
343
New This Week
16
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Remote vulnerabilities in spp
PlayStation Classic Buffer Overflow (CWE-120)CVE-2006-4304
High
2024-04-25
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-27316
Medium
2024-04-24
RXSS in hidden parameter
IBM Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-04-23
Jira Credential Disclosure within Mozilla Slack
Mozilla Information Disclosure (CWE-200)
Critical
2024-04-23
CVE-2024-2398: HTTP/2 push headers memory-leak
Internet Bug Bounty CVE-2024-2398
Medium
2024-04-22
Denial of Service caused by HTTP/2 CONTINUATION Flood
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-24549
High
2024-04-22
Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com
Adobe Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2024-04-22
Cleartext Transmission of password via Email
Sheer Cleartext Transmission of Sensitive Information (CWE-319)
Low
2024-04-22
Docker Secret Disclosure via GitHub Actions Cache Poisoning
Linux Foundation Decentralized Trust Information Disclosure (CWE-200)
High
2024-04-20
Login page password-guessing attack
Revive Adserver Violation of Secure Design Principles (CWE-657)CVE-2016-9124
Unknown
2024-04-19
Stored XSS in messages
SideFX Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2024-04-17
Incorrect logic when buy one more license which may lead to extend the expire date of existing license
PortSwigger Web Security Business Logic Errors (CWE-840)
Unknown
2024-04-16
Self XSS in Tag name pattern field /<username>/<reponame>/settings/tag_protection/new
GitHub Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2024-1084
Medium
2024-04-15
#1 XSS on watchdocs.indriverapp.com
inDrive Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2024-04-11
#2 XSS on watchdocs.indriverapp.com
inDrive Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-04-11
#3 XSS on watchdocs.indriverapp.com
inDrive Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2024-04-11
Unprotected Atlantis Server at https://152.70.█.█
8x8 Improper Authentication - Generic (CWE-287)
Medium
2024-04-11
"Assertion failed" in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2024-27983
High
2024-04-08
Intent Leads To Unauthorised Video Call Initiation Leaking Surrounding Informations Of Victim
Snapchat Privacy Violation (CWE-359)
Medium
2024-04-05
Reflected XSS on Pangle Endpoint
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2024-04-05
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239