Browse publicly disclosed writeups from HackerOne sorted by vulnerability type. Discover which vulnerabilities are most commonly found on which programs to aid you in your hunt.

Disclosed by vulnerability type

None supplied (913 disclosures)

Cross-site Scripting (XSS) - Generic (872 disclosures)

Information Disclosure (822 disclosures)

Violation of Secure Design Principles (649 disclosures)

Improper Authentication - Generic (553 disclosures)

Cross-Site Request Forgery (CSRF) (348 disclosures)

Cross-site Scripting (XSS) - Stored (309 disclosures)

Denial of Service (299 disclosures)

Privilege Escalation (276 disclosures)

Open Redirect (223 disclosures)

Cross-site Scripting (XSS) - Reflected (222 disclosures)

Improper Access Control - Generic (197 disclosures)

Code Injection (167 disclosures)

SQL Injection (165 disclosures)

Command Injection - Generic (153 disclosures)

Memory Corruption - Generic (150 disclosures)

Cryptographic Issues - Generic (145 disclosures)

Business Logic Errors (143 disclosures)

Insecure Direct Object Reference (IDOR) (132 disclosures)

Server-Side Request Forgery (SSRF) (120 disclosures)

UI Redressing (Clickjacking) (97 disclosures)

Cross-site Scripting (XSS) - DOM (94 disclosures)

Path Traversal (90 disclosures)

Brute Force (40 disclosures)

Privacy Violation (35 disclosures)

HTTP Request Smuggling (28 disclosures)

OS Command Injection (26 disclosures)

XML External Entities (XXE) (22 disclosures)

Heap Overflow (22 disclosures)

Improper Authorization (21 disclosures)