Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,250
CVE-linked
1,864
Programs
343
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Users able to set video url for unpublished words and able to see the name of unpublished words
Urban Dictionary Information Disclosure (CWE-200)
Low
2019-03-02
User uploaded portfolio files can be accessed by any user even after deleted
Mavenlink Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2019-02-27
DOM Based XSS in www.hackerone.com via PostMessage
HackerOne Cross-site Scripting (XSS) - DOM (CWE-79)
Low
2019-02-21
A small set of users were assigned someone else's payout preference
HackerOne Privacy Violation (CWE-359)
Low
2019-02-20
Cross-site Scripting (XSS) on HackerOne careers page
HackerOne Cross-site Scripting (XSS) - DOM (CWE-79)
Low
2019-02-17
report id is exposed for undisclosed reports in Hacktivity
HackerOne Information Disclosure (CWE-200)
Low
2019-02-16
Open Redirect On Your Login Panel
Eternal Open Redirect (CWE-601)
Low
2019-02-14
DMARC RECORD MISSING
Brave Software
Low
2019-02-13
Information Exposure Through Directory Listing vulnerability on 8 vcache**.usw2.snappytv.com websites
X / xAI Information Exposure Through Directory Listing (CWE-548)
Low
2019-02-11
Missing CSRF Token On Remove Coupun From Cart
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-02-08
Disclosure of h1 challenges name through the calendar
HackerOne Information Disclosure (CWE-200)
Low
2019-01-30
Response program can display "eligible for bounty" in scope area in program policy
HackerOne Business Logic Errors (CWE-840)
Low
2019-01-30
Improper validation allows user to unlock Zomato Gold multiple times at the same restaurant within one day
Eternal Business Logic Errors (CWE-840)
Low
2019-01-28
IDOR in activateFuelCard id allows bulk lookup of driver uuids
Uber Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2019-01-25
Bypass GraphQL rate limit by abusing negative cost queries
Shopify Business Logic Errors (CWE-840)
Low
2019-01-24
Deleting other people's comments on ModeratorMessages
Valve Improper Authentication - Generic (CWE-287)
Low
2019-01-23
Missing CSRF Token On Add Coupon To Basket
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-01-22
No Rate On Add Suggest
Weblate Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Low
2019-01-22
Changing email address on Twitter for Android unsets "Protect your Tweets"
X / xAI Privacy Violation (CWE-359)
Low
2019-01-18
No Rate Limit On Add new word
Weblate Business Logic Errors (CWE-840)
Low
2019-01-14
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl459
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239