Bitwarden


9 total issues disclosed

$0 total paid publicly


Most disclosed (2 disclosures) — Business Logic Errors




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| When uploading attachments, unencrypted file names are made available to the server | Missing Encryption of Sensitive Data | jjlin | No rating | 2021-08-02 |
| Rate limits too low for email 2FA | Brute Force | exploit_db | Medium | 2020-10-14 |
| Blind HTTP GET SSRF via website icon fetch (bypass of pull#812) | Server-Side Request Forgery (SSRF) | shielder | Low | 2020-09-11 |
| Server-Side Request Forgery in "icons.bitwarden.net" | Server-Side Request Forgery (SSRF) | njgadhiya | Medium | 2020-08-07 |
| Tracking Bitwarden firefox addon users | None supplied | kmodi | High | 2018-05-23 |
| Vulnerable exported broadcast receiver | Violation of Secure Design Principles | b3nac | Low | 2017-11-10 |
| Organization Admin Privilege Escalation To Owner | Business Logic Errors | rhynorater | Medium | 2017-10-28 |
| Mailgun misconfiguration on email.bitwarden.com | Business Logic Errors | babayaga_ | Low | 2017-10-27 |
| Export vault feature is vulnerable to CSV injection | OS Command Injection | kenziy | No rating | 2017-09-28 |