Browse publicly disclosed writeups from HackerOne, sorted by vulnerability type. Discover which vulnerabilities are most commonly found on which programs to aid you in your hunt.

total disclosed

total publicly paid out

Most Disclosed

Programs that disclose

Top Bounties

Disclosed by vulnerability type

None supplied (923 disclosures)

Cross-site Scripting (XSS) - Generic (872 disclosures)

Information Disclosure (827 disclosures)

Violation of Secure Design Principles (650 disclosures)

Improper Authentication - Generic (555 disclosures)

Cross-Site Request Forgery (CSRF) (348 disclosures)

Cross-site Scripting (XSS) - Stored (309 disclosures)

Denial of Service (300 disclosures)

Privilege Escalation (276 disclosures)

Cross-site Scripting (XSS) - Reflected (228 disclosures)

Open Redirect (224 disclosures)

Improper Access Control - Generic (204 disclosures)

Code Injection (167 disclosures)

SQL Injection (166 disclosures)

Command Injection - Generic (156 disclosures)

Memory Corruption - Generic (150 disclosures)

Business Logic Errors (146 disclosures)

Cryptographic Issues - Generic (145 disclosures)

Insecure Direct Object Reference (IDOR) (135 disclosures)

Server-Side Request Forgery (SSRF) (125 disclosures)

Cross-site Scripting (XSS) - DOM (99 disclosures)

UI Redressing (Clickjacking) (97 disclosures)

Path Traversal (92 disclosures)

Brute Force (40 disclosures)

Privacy Violation (35 disclosures)

HTTP Request Smuggling (28 disclosures)

OS Command Injection (26 disclosures)

XML External Entities (XXE) (22 disclosures)

Heap Overflow (22 disclosures)

CRLF Injection (22 disclosures)