Affirm Program Statistics


View program

5 total issues disclosed

$4,500 total paid publicly

Most disclosed (1 disclosures) — Business Logic Errors



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
IDOR to view order information of users and personal information Insecure Direct Object Reference (IDOR) xfiltrer Medium 2021-12-06
Open Redirect Open Redirect litt1eb0y Low 2021-08-31
Subdomain takeover due to non registered TLD [ ██████████.█████.██████.com ] Improper Access Control - Generic 0xprial Low 2021-08-31
Subdomain takeover of www█████████.affirm.com Business Logic Errors ian Medium 2021-08-18
Absence of Token expiry leads to Unauthorized login Access Improper Authentication - Generic yogesh_ojha Critical 2020-12-01