Algolia


30 total issues disclosed

$5,600 total paid publicly


Most disclosed (10 disclosures) — Cross-site Scripting (XSS) - Generic




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Information disclosure -> 2fa bypass -> POST exploitation | Information Disclosure | akashhamal0x01 | Medium | 2021-09-08 |
| Information disclosure via a misconfigured third-party product | Information Disclosure | h4x0r_dz | High | 2021-03-03 |
| email verification bypass | Improper Authentication - Generic | akashhamal0x01 | Medium | 2021-02-18 |
| Directory traversal at https://msg.algolia.com | Path Traversal | n00bsec | Medium | 2018-06-09 |
| Text injection on status.algolia.com | Violation of Secure Design Principles | sh3r1 | Low | 2017-08-25 |
| SAUCE Access_key and User_name leaked in Travis CI build logs | Information Disclosure | an0n-j | Medium | 2017-07-12 |
| An “algobot”-s GitHub access token was leaked | Information Disclosure | sainaen | Medium | 2017-06-10 |
| [GitHub Extension] Unsanitised HTML leading to XSS on GitHub.com | Cross-site Scripting (XSS) - DOM | ysx | High | 2017-04-24 |
| [github.algolia.com] DOM Based XSS github-btn.html | Cross-site Scripting (XSS) - Generic | bobrov | Medium | 2017-03-31 |
| No rate limit for Referral Program | Violation of Secure Design Principles | madxcmg | No rating | 2017-03-12 |
| Reflected XSS | Cross-site Scripting (XSS) - Generic | no_thing | No rating | 2017-02-11 |
| 2-factor authentication bypass | Improper Authentication - Generic | malcolmx | No rating | 2017-01-17 |
| Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed. | Improper Authentication - Generic | eboda | No rating | 2016-11-27 |
| Possilbe Sub Domain takever at prestashop.algolia.com | None supplied | punkrock | No rating | 2016-11-04 |
| Hyperlink Injection in Friend Invitation Emails | Open Redirect | corb3nik | No rating | 2016-10-07 |
| RCE on facebooksearch.algolia.com | Code Injection | michiel | No rating | 2016-10-01 |
| Stored xss | Cross-site Scripting (XSS) - Generic | rishi62 | No rating | 2016-09-07 |
| Stored XSS from Display Settings triggered on Save and viewing realtime search demo | Cross-site Scripting (XSS) - Generic | ctee | No rating | 2016-09-07 |
| Stored XSS triggered by json key during UI generation | Cross-site Scripting (XSS) - Generic | ctee | No rating | 2016-09-07 |
| No Rate Limit In Inviting Similar Contact Multiple Times | Cryptographic Issues - Generic | rajauzairabdullah | No rating | 2016-09-07 |
| [github.algolia.com] XSS | Cross-site Scripting (XSS) - Generic | bogdantcaciuc | No rating | 2016-09-01 |
| Stored xss | Cross-site Scripting (XSS) - Generic | sysecure | No rating | 2016-08-03 |
| Stored XSS in name selection | Cross-site Scripting (XSS) - Generic | dly | No rating | 2016-06-18 |
| User with limited access to Index configuration can rename the Index | Improper Authentication - Generic | bugs3ra | No rating | 2016-06-01 |
| No rate-limit in Two factor Authentication leads to bypass using bruteforce attack | Improper Authentication - Generic | bugs3ra | No rating | 2016-06-01 |
| API Key added for one Indices works for all other indices too. | Improper Authentication - Generic | bugs3ra | No rating | 2016-06-01 |
| PHP version disclosed on blog.algolia.com | Information Disclosure | bugs3ra | No rating | 2016-06-01 |
| an xss issue | Cross-site Scripting (XSS) - Generic | boniao_norwin | No rating | 2016-05-22 |
| text injection can be used in phishing 404 page should not include attacker text | Violation of Secure Design Principles | djamel-ghorab | No rating | 2016-05-09 |
| Stored XSS on https://www.algolia.com/realtime-search-demo/* | Cross-site Scripting (XSS) - Generic | stefanofinding | No rating | 2016-02-03 |