Brave Software Program Statistics



109 total issues disclosed

$20,505 total paid publicly

Most common vulnerability type: None supplied (24 disclosures)



Disclosed Reports


Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on
iOS Brave Playlist "Open in Private Tab" bypasses FaceID requirement for Private Tabs | Improper Authentication - Generic | aaront | Medium | 2026-05-28
Brave Shields Domain Reordering Leads to Origin Confusion | Violation of Secure Design Principles | mousepadkalilinux12_ | Low | 2026-04-13
SameSite restrictions are lifted, and SameSite:Strict cookies are being sent | Improper Certificate Validation | mingijung | High | 2025-10-15
Prompt Injection via GitHub Patch in Brave AI Chat (Leo) | LLM01: Prompt Injection | stellersjay | High | 2025-08-22
Null Pointer Dereference by Crafted Response from AI Model | NULL Pointer Dereference | canalun | Low | 2025-03-26
Incorrect security UI of files' download source on Brave macOS | User Interface (UI) Misrepresentation of Critical Information | syarif07 | High | 2025-01-16
Brave Android: Incorrect URL Eliding in Brave Shields Pop Up | Violation of Secure Design Principles | jayateerthag | Low | 2024-09-18
UAF on JSEthereumProvider | Use After Free | nick0ve | Critical | 2023-10-11
Tor IP leak caused by the PDF Viewer extension in certain situations | Information Disclosure | world_languages | Medium | 2023-08-02
HTML injection in title of reader view | Cross-site Scripting (XSS) - DOM | nishimunea | Medium | 2023-06-22
Universal XSS through FIDO U2F register from subframe | Cross-site Scripting (XSS) - Generic | nishimunea | High | 2023-06-22
Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname | Violation of Secure Design Principles | nishimunea | Medium | 2023-06-22
Onion-Location header allows opening arbitrary URLs, including chrome: | Violation of Secure Design Principles | nishimunea | High | 2023-06-22
XSS on Brave Today through custom RSS feed | Cross-site Scripting (XSS) - DOM | nishimunea | Medium | 2023-06-22
New XSS vector in ReaderMode with %READER-TITLE-NONCE% | Cross-site Scripting (XSS) - Generic | nishimunea | Critical | 2023-06-22
Universal XSS with Playlist feature | Cross-site Scripting (XSS) - Stored | nishimunea | High | 2023-06-22
XSS on internal: privileged origin through reader mode | Cross-site Scripting (XSS) - Generic | nishimunea | High | 2023-06-22
Security token and handler name leak from window.braveBlockRequests | Information Disclosure | nishimunea | High | 2023-06-22
Persistent user tracking is possible using window.caches, by avoiding Brave Shields | Privacy Violation | nishimunea | Medium | 2023-06-22
UI spoofing by showing sms:/tel: dialog on another website | Phishing | nishimunea | Low | 2023-06-22
Brave Shield for iOS is weak against IDN homograph attacks | Phishing | nishimunea | Low | 2023-06-22
Brave News feeds can open arbitrary chrome: URLs | Privilege Escalation | nishimunea | High | 2023-06-22
Open redirect due to scanning QR code via Brave browser | Open Redirect | roland_hack | High | 2023-06-08
Download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled | None supplied | ameenbasha | High | 2023-05-10
S3 Bucket Takeover "brave-browser-rpm-staging-release-test" | Improper Access Control - Generic | j3rry-1729 | No rating | 2023-04-26
S3 Bucket Takeover: brave-apt | Improper Access Control - Generic | j3rry-1729 | Medium | 2023-04-26
UXSS on Brave browser via scanning QR code | Cross-site Scripting (XSS) - Generic | mrzheev | High | 2023-04-11
Open redirect found on account.brave.com | Open Redirect | tabaahi | Medium | 2022-06-30
Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS | Code Injection | d3f4u17 | Medium | 2022-06-30
Arbitrary file download due to bad handling of Redirects in WebTorrent | Code Injection | d3f4u17 | Medium | 2022-06-30
Redirecting users to malicious torrent-files/websites using WebTorrent | Violation of Secure Design Principles | d3f4u17 | Medium | 2022-06-30
Browser does not follow proper flow for redirection, causing open redirect | None supplied | kalkii | High | 2022-06-30
Information disclosure: Referer leak | Information Disclosure | kkarfalcon | High | 2022-02-01
Unclaimed S3 bucket takeover in the 3 JS files located on the GitHub page of Brave Software | Business Logic Errors | gaurav-bhatia | Low | 2021-09-24
Information disclosure | Information Disclosure | kkarfalcon | High | 2021-09-21
Brave Browser permanently timestamps & logs connection times for all v2 domains in ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log | Cleartext Storage of Sensitive Information | sickcodes | Medium | 2021-08-16
DNS Leaks when using any VPN Browser extension with Brave Shield enabled | Information Disclosure | neeythann | High | 2021-07-08
Brave Browser Tor Window leaks user's real IP to the external DNS server | Information Disclosure | xiaoyinl | High | 2021-06-17
Cookie theft through content URI | Weak Password Recovery Mechanism for Forgotten Password | kanytu | Critical | 2021-04-22
No rate limiting for confirmation email leads to email flooding and enumeration of emails on publishers.basicattentiontoken.org | Violation of Secure Design Principles | root_geek | Low | 2020-11-09
Brave Browser potentially logs the last time a Tor window was used | Cleartext Storage of Sensitive Information | sickcodes | Low | 2020-11-04
HTTP Request Smuggling | HTTP Request Smuggling | dracomalfoy | High | 2020-06-04
Username information disclosure via JSON response - using parameter number Intruder | Information Disclosure | 0xrobot | Low | 2020-06-04
Stored XSS in localhost:* via integrated torrent downloader | Cross-site Scripting (XSS) - Stored | ryotak | Medium | 2019-09-24
chrome://brave navigation from web | Code Injection | qab | Critical | 2018-10-23
chrome://brave can still be navigated to, leading to RCE | Code Injection | qab | High | 2018-10-23
RCE: Drag-and-dropping shortcut files to chrome://brave allows loading HTML files in Muon's context | None supplied | metnew | High | 2018-10-22
[Android] HTML Injection in BatterySaveArticleRenderer WebView | Cross-site Scripting (XSS) - Generic | bobrov | High | 2018-10-22
Navigation to restricted origins via "Open in new tab" | None supplied | metnew | Medium | 2018-10-10
`settingcontent-ms` files lack "mark of the web" => code execution by double-click in Downloads toolbar | None supplied | metnew | Low | 2018-10-04
Cross-origin page stays focused before/after downloading + uninformative modal window for download | None supplied | metnew | Low | 2018-10-04
`alert()` dialogs on `chrome-extension://` origin (internal pages) | None supplied | metnew | Low | 2018-10-04
URL spoofing using protocol handlers | None supplied | metnew | Medium | 2018-10-04
URL spoofing in Brave for macOS | None supplied | metnew | Medium | 2018-10-04
Local files reading using `link[rel="import"]` | None supplied | metnew | High | 2018-09-29
Local files reading from the "file://" origin through `brave://` | None supplied | metnew | High | 2018-09-29
Local files reading from the web using `brave://` | None supplied | metnew | Critical | 2018-09-25
Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS | None supplied | metnew | Medium | 2018-09-25
Navigation to `chrome-extension://` origin (internal pages) from the web | None supplied | metnew | Low | 2018-09-25
Unsafe handling of protocol handlers | None supplied | metnew | Low | 2018-09-25
Navigation to protocol handler URL from the opened page displayed as a request from this page | None supplied | metnew | Medium | 2018-09-25
DoS in Brave browser for iOS | Denial of Service | metnew | Low | 2018-09-25
`chrome://brave` available for navigation in Release build [-> RCE] + navigation to `chrome://*` using tab_helper ["Open in new tab"] | None supplied | metnew | High | 2018-09-25
Sending arbitrary IPC messages via overriding Array.prototype.push | Command Injection - Generic | masatokinugawa | Critical | 2018-09-18
Brave Browser unexpectedly allows sending arbitrary IPC messages | Command Injection - Generic | masatokinugawa | Critical | 2018-09-18
Sending arbitrary IPC messages via overriding Function.prototype.apply | Command Injection - Generic | masatokinugawa | Critical | 2018-09-18
Cross-domain tracking even with 3rd-party cookies disabled | None supplied | kmodi | No rating | 2018-08-08
Open redirection on every 302 HTTP code | Open Redirect | 0ktavandi | Low | 2018-08-08
Arbitrary local code execution via DLL hijacking from executable installer | Violation of Secure Design Principles | skanthak | Medium | 2018-07-09
Download of (later executed) .NET installer over insecure channel | Man-in-the-Middle | skanthak | Low | 2018-07-09
Directory Listing on https://promo-services-staging.brave.com | Information Disclosure | testingforbugs | No rating | 2018-07-09
[DoS] Browser hangs on loading the code snippet | Denial of Service | tikoo_sahil | Low | 2018-05-06
[DoS] Denial of service using code snippet on Brave browser | Denial of Service | tikoo_sahil | Low | 2018-05-06
Download attribute allows downloading local files | None supplied | skansing | Low | 2018-03-29
Bypassing Homograph Attack Using /@ [Tested On Windows] | Violation of Secure Design Principles | apapedulimu | Low | 2018-02-23
Torrent Viewer extension web service available on all interfaces | Information Disclosure | dutchgraa | Medium | 2018-01-26
application/x-brave-tab should not be readable | Privacy Violation | qab | High | 2017-11-07
OS username disclosure | Privacy Violation | qab | Low | 2017-11-07
Homograph Attack Bypass [Tested on Linux & Windows] | Violation of Secure Design Principles | apapedulimu | Low | 2017-09-21
URL Spoof / Brave Shield Bypass | Use of Inherently Dangerous Function | mattaustin | High | 2017-08-31
Brave: Admin Panel Access | Violation of Secure Design Principles | ranjith16 | Medium | 2017-08-10
Brave payments remembers history even after clearing all browser data | Information Disclosure | sumit | Low | 2017-08-10
Remote Stack Overflow Vulnerability (DoS) | Denial of Service | konduru-jashwanth | No rating | 2017-08-10
Homograph attack (Unicode vuln) | None supplied | tarwadahorse | No rating | 2017-08-10
Clickjacking or URL Masking | Improper Authentication - Generic | dhiraj-mishra | Medium | 2017-08-10
Command Execution because of extension handling | Command Injection - Generic | paulos_ | High | 2017-08-10
Links the user may download can be malicious files | Code Injection | seifelsallamy | High | 2017-08-10
Address bar spoofing in Brave browser via window close warnings | Violation of Secure Design Principles | xifengweiyu | Medium | 2017-08-10
[iOS] URL can be replaceState'd by blob URL in iOS Brave | Violation of Secure Design Principles | xifengweiyu | Low | 2017-08-10
Invalid homepage URL causes 'Uncaught TypeError' or blank state | Violation of Secure Design Principles | tsug0d | Low | 2017-06-12
Denial of service attack on Brave Browser | Denial of Service | sahiltikoo | Low | 2017-02-11
No user confirmation when an auto-updated extension gets more permissions | Violation of Secure Design Principles | i1iii11iiiii111iii1 | Low | 2017-01-20
[iOS/Android] Address Bar Spoofing Vulnerability | Violation of Secure Design Principles | aaditya_purani | No rating | 2017-01-08
Information disclosure of website | Information Disclosure | 1_1_1 | High | 2016-11-16
Access to local file system using JavaScript | None supplied | karel_origin | Medium | 2016-11-16
Two directory listings on ledger.brave.com & vault-staging.brave.com | Information Disclosure | bibo | Low | 2016-11-13
Denial of service (pop-up recursion) on Brave browser | Denial of Service | sahiltikoo | Medium | 2016-11-07
[website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html | Command Injection - Generic | cmd-0_0 | Medium | 2016-11-03
Denial of service attack (window object) on Brave browser | Denial of Service | sahiltikoo | Medium | 2016-10-25
[iOS] Address bar spoofing in Brave for iOS | None supplied | ibram | Low | 2016-10-25
DoS in browser using window.print() function | Denial of Service | tushu | No rating | 2016-10-20
JavaScript confirm() crashes Brave on PC | None supplied | ghjfgjggfdfhfgsdfssdf | Medium | 2016-10-19
JavaScript URL Issues in the latest version of Brave Browser | None supplied | smelt | Medium | 2016-10-17
[iOS] URI Obfuscation in iOS application | HTTP Response Splitting | noob-boy | Low | 2016-10-17
Status Bar Obfuscation | Cryptographic Issues - Generic | ajdumanhug | Low | 2016-10-15
URI Obfuscation | HTTP Response Splitting | ajdumanhug | Medium | 2016-10-15
Homograph attack | Violation of Secure Design Principles | jaypatel | Low | 2016-10-14
Subdomain Takeover of Brave.com | Improper Authentication - Generic | sahiltikoo | None | 2016-10-14
Address Bar Spoofing - Already resolved - Retroactive report | Open Redirect | jimeno | Low | 2016-10-14