Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,253

CVE-linked

1,865

Programs

343

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Mailgun misconfiguration on email.bitwarden.com

Bitwarden Business Logic Errors (CWE-840)

Low

2017-10-27

User Enumeration

Infogram Information Disclosure (CWE-200)

Low

2017-10-27

Missing robots exclusion header for user uploads

IRCCloud Improper Access Control - Generic (CWE-284)

Low

2017-10-27

Cross-domain linkability when system time changed in Tor Browser

Tor Privacy Violation (CWE-359)

Low

2017-10-26

Fake mailing reports using mail service on [URL : mail-txn.identity.com]

Inflection

Low

2017-10-25

Privilege Escalation.

Inflection Privilege Escalation (CAPEC-233)

Low

2017-10-24

Preferred language option fingerprinting issue in Tor Browser

Tor Information Disclosure (CWE-200)

Low

2017-10-24

stack overflow #6 in libsass