Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,240
CVE-linked
1,863
Programs
342
New This Week
20
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
CVE 2020 14179 on jira instance
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Medium
2021-02-18
email verification bypass
Algolia Improper Authentication - Generic (CWE-287)
Medium
2021-02-18
No rate Limit on Licenses Activation
Clario Business Logic Errors (CWE-840)
Medium
2021-02-18
Remote hacker can download all the files of master branch in public projects where everything is members only.
GitLab Improper Authentication - Generic (CWE-287)
Medium
2021-02-15
ArcGIS Rest Service linked to unsecured survey data
WHO COVID-19 Mobile App Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Medium
2021-02-13
[Bypass #870709] Unauthorised access to pagespeed global admin at https://webtools.paloalto.com/
Palo Alto Software Improper Access Control - Generic (CWE-284)
Medium
2021-02-13
Html injection on ██████.informatica.com via search.html?q=1
Informatica Code Injection (CWE-94)
Medium
2021-02-12
Bypass Password Authentication to Update the Password
X / xAI Improper Authentication - Generic (CWE-287)
Medium
2021-02-12
Open Redirect on Login Page of Stocky App
Shopify Open Redirect (CWE-601)
Medium
2021-02-11
[sub.wordpress.com] - XSS when adjust block Poll - Confirmation Message - On submission:Redirect to another webpage - Redirect address:[xss_payload]
Automattic Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2021-02-11
XSS в обработчике ссылок
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-02-11
Regular expression denial of service in ActiveRecord's PostgreSQL Money type
Ruby on Rails Uncontrolled Resource Consumption (CWE-400)CVE-2021-22880
Medium
2021-02-11
Reflect XSS and CSP Bypass on https://www.paypal.com/businesswallet/currencyConverter/
PayPal Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-02-10
Bypassed a fix to gain access to PII of more than 100 Officers
U.S. Dept Of Defense Information Disclosure (CWE-200)
Medium
2021-02-10
Register with non accepted email types on https://███████
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Medium
2021-02-10
PII Leak of ████████ Personal at https://www.█████████
U.S. Dept Of Defense Information Disclosure (CWE-200)
Medium
2021-02-10
Reflected XSS In https://███████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-02-10
assets/vendor.js file exposing sentry.io token and DNS and application id .
Omise Information Disclosure (CWE-200)
Medium
2021-02-09
Low privileged user can create high privileged user's KITCRM authorization token and can read and write message to KIT
Shopify Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2021-02-07
DoS for GCSArtifact.RealAll
Kubernetes Uncontrolled Resource Consumption (CWE-400)
Medium
2021-02-04
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl455
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239