Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,221
CVE-linked
1,854
Programs
342
New This Week
6
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
XSS via /api/v1/chat.postMessage
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2024-08-10
Stored XSS on LinkedIn App via iframe tag in Article
LinkedIn Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2024-02-28
Cross-site scripting on dashboard2.omise.co
Omise Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2022-05-24
Blind XSS on Twitter's internal Jira panel at ████ allows exfiltration of hackers reports and other sensitive data
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2022-02-12
Stored XSS in markdown via the DesignReferenceFilter
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-10-18
Blind XSS on Twitter's internal Big Data panel at █████████████
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-07-09
Account takeover via XSS
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-03-31
Blind Stored XSS Payload fired at the backend on https://█████████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-03-24
Blind Stored XSS on ███████ leads to takeover admin account
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-03-11
[manage.jumpbikes.com] Blind XSS on Jump admin panel via user name
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-02-23
XSS in message attachment fileds.
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2020-8288
Critical
2021-01-17
Blind XSS on image upload
CS Money Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2020-12-26
HEY.com email stored XSS
Basecamp Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2020-10-27
Multiple XSS on account settings that can hijack any users in the company.
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2019-04-01
Stored XSS in Private Message component (BuddyPress)
WordPress Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2019-03-08
XSS in steam react chat client
Valve Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2019-01-07
XSS-уязвимость, связанная с загрузкой файлов
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2018-08-02
Очень жесткая XSS в личных сообщениях m.ok.ru
ok.ru Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2018-06-30
[metascraper] Stored XSS in Open Graph meta properties read by metascrapper
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2018-3773
Critical
2018-03-28
новенькое (старенькое upgreid) хакерство: делаем демократию во всем в контакте (XSS - на англиском)
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2018-03-04
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239