Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,226
CVE-linked
1,856
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
index.php/apps/files_sharing/shareinfo endpoint is not properly protected
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2021-32703
Medium
2021-08-11
Download of file with arbitrary extension via injection into attachment header
Nextcloud Code Injection (CWE-94)CVE-2021-32679
Medium
2021-08-11
Password reset token leak on third party website via Referer header
UPchieve Storing Passwords in a Recoverable Format (CWE-257)
Medium
2021-08-10
Webauthn tokens are not removed on user deletion
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2021-32726
Medium
2021-08-07
Loading YAML in Java client can lead to command execution
Kubernetes Deserialization of Untrusted Data (CWE-502)CVE-2021-25738
Medium
2021-08-07
CVE-2020-3452 - unauthenticated file read on anyconnect.routematch.com
Uber Path Traversal (CWE-22)CVE-2020-3452
Medium
2021-08-05
Partial report contents leakage - via HTTP/2 concurrent stream handling
HackerOne Information Disclosure (CWE-200)
Medium
2021-08-05
Mishandling of hackerone clear background checks resulting in disclosure of other hacker's information
HackerOne Off-by-one Error (CWE-193)
Medium
2021-08-05
Bypass Rate Limits on app.snapchat.com API Endpoint via X-Forwarded-For Header
Snapchat Business Logic Errors (CWE-840)
Medium
2021-08-04
Private application files can be uploaded to Slack via malicious uploader
Slack Information Disclosure (CWE-200)
Medium
2021-08-04
Bitmoji source code is accessible
Snapchat Information Exposure Through Directory Listing (CWE-548)
Medium
2021-07-31
DNS Misconfiguration (Subdomain Takeover) - █████████.8x8.com
8x8 Privilege Escalation (CAPEC-233)
Medium
2021-07-30
Bypassing Content-Security-Policy leads to open-redirect and iframe xss
Stripo Inc Open Redirect (CWE-601)
Medium
2021-07-30
SQL injection my method -1 OR 3*2*1=6 AND 000159=000159
U.S. Dept Of Defense Code Injection (CWE-94)
Medium
2021-07-29
XSS DUE TO CVE-2020-3580
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2021-07-29
XSS DUE TO CVE-2020-3580
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2021-07-29
Reflected XSS - https://███
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
XSS Reflected on https://███ (███ parameter)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
xss on https://███████(█████████ parameter)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
xss reflected on https://███████- (███ parameters)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl442
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239