Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
5
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: deptofdefense
Remote Code Execution (RCE) in a DoD website
U.S. Dept Of Defense Deserialization of Untrusted Data (CWE-502)CVE-2017-10366
Critical
2019-10-08
Remote Code Execution (RCE) in a DoD website
U.S. Dept Of Defense Deserialization of Untrusted Data (CWE-502)CVE-2017-10366
Critical
2019-10-08
Admin panel take over | User info leakage | Mass Comprimise
U.S. Dept Of Defense Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Critical
2019-10-08
https://████████ Impacted by DNN ImageHandler SSRF
U.S. Dept Of Defense Server-Side Request Forgery (SSRF) (CWE-918)
Critical
2019-10-08
2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929
U.S. Dept Of Defense Deserialization of Untrusted Data (CWE-502)CVE-2017-5929
Critical
2019-10-08
Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352]
U.S. Dept Of Defense OS Command Injection (CWE-78)CVE-2017-10352
Critical
2019-10-08
XXE in DoD website that may lead to RCE
U.S. Dept Of Defense XML External Entities (XXE) (CWE-611)
Critical
2019-10-04
Remote Code Execution (RCE) in a DoD website
U.S. Dept Of Defense Code Injection (CWE-94)
Critical
2019-10-04
[Critical] Possibility to takeover any user account #2 without interaction on the https://██████████
U.S. Dept Of Defense Privilege Escalation (CAPEC-233)
Critical
2019-10-04
Root Remote Code Execution on https://███
U.S. Dept Of Defense Code Injection (CWE-94)CVE-2019-11580
Critical
2019-10-04
Trace.axd page leaks sensitive information
U.S. Dept Of Defense Information Exposure Through Debug Information (CWE-215)
Critical
2019-08-19
RCE on █████ via CVE-2017-10271
U.S. Dept Of Defense Code Injection (CWE-94)CVE-2017-10271
Critical
2019-07-01
Access to all █████████ files, including CAC authentication bypass
U.S. Dept Of Defense Insecure Direct Object Reference (IDOR) (CWE-639)
Critical
2019-04-08
███████ Site Exposes █████████ forms
U.S. Dept Of Defense Insecure Direct Object Reference (IDOR) (CWE-639)
Critical
2019-04-05
SOAP WSDL Parser SQL Code Execution
U.S. Dept Of Defense SQL Injection (CWE-89)
Critical
2019-01-16
Remote Code Execution (RCE) in DoD Websites
U.S. Dept Of Defense Code Injection (CWE-94)CVE-2013-2165
Critical
2018-04-17
Remote Code Execution (RCE) in a DoD website
U.S. Dept Of Defense Deserialization of Untrusted Data (CWE-502)CVE-2017-10366
Critical
2018-04-17
SSRF+XSS
U.S. Dept Of Defense Information Disclosure (CWE-200)
Critical
2018-04-17
Information Disclosure
U.S. Dept Of Defense Information Disclosure (CWE-200)CVE-2017-9506
Critical
2018-04-17
Information disclosure vulnerability on a DoD website
U.S. Dept Of Defense Information Disclosure (CWE-200)
Critical
2017-08-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239