Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
3
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS/HTML injection in autocomplete suggestions for sharing
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-06-27
Stored - XSS
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-05-28
Cross Site Scripting at https://app.oberlo.com/
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-05-26
Stored XSS on www.starbucks.com.sg/careers/career-center/career-landing-*
Starbucks Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-04-10
[FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-04-06
Stored XSS on imgur profile
Imgur Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-03-02
Stored XSS in the guide's GameplayVersion (www.dota2.com)
Valve Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-01-07
Kaspersky Password Manager is vulnerable to HTML injection in the browser action pop-up via user name
Kaspersky Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-12-24
XSS in ubermovement.com via editable Google Sheets
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-12-19
Stored XSS in '' Section and WAF Bypass
Semrush Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-12-07
IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier
HackerOne Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-11-27
[tianma-static] Stored xss on filename
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2018-16474
Medium
2018-11-02
Stored XSS in chat topic due to insecure emoticon parsing on any message type
Chaturbate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-11-01
[serve] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-10-19
[serve] XSS via HTML tag injection in directory lisiting page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-10-19
Persistent XSS via malicious license file
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-09-28
XSS (stored) Wizard is saving executable code
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-09-27
Persistent XSS - Deleting a project (No Longer Vulnerable in 10.7)
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-09-20
Stored XSS against all Chaturbate users using an application name
Chaturbate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-09-19
Stored 'undefined' Cross-site Scripting
Khan Academy Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2018-09-05
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239