Brave Software


74 total issues disclosed

$20,505 total paid publicly


Most frequent vulnerability type: None supplied (22 disclosures, i.e. reports filed without a weakness category)



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log | Cleartext Storage of Sensitive Information | sickcodes | Medium | 2021-08-16 |
| DNS Leaks when using any VPN Browser extension with Brave Shield enabled | Information Disclosure | neeythann | High | 2021-07-08 |
| Brave Browser Tor Window leaks user's real IP to the external DNS server | Information Disclosure | xiaoyinl | High | 2021-06-17 |
| Cookie steal through content Uri | Weak Password Recovery Mechanism for Forgotten Password | kanytu | Critical | 2021-04-22 |
| No rate limiting for confirmation email leads to email flooding and enumeration of emails in publishers.basicattentiontoken.org | Violation of Secure Design Principles | root_geek | Low | 2020-11-09 |
| Brave Browser potentially logs the last time a Tor window was used | Cleartext Storage of Sensitive Information | sickcodes | Low | 2020-11-04 |
| HTTP Request Smuggling | HTTP Request Smuggling | dracomalfoy | High | 2020-06-04 |
| Username Information Disclosure via Json response - Using parameter number Intruder | Information Disclosure | 0xrobot | Low | 2020-06-04 |
| Stored XSS in localhost:* via integrated torrent downloader | Cross-site Scripting (XSS) - Stored | ryotak | Medium | 2019-09-24 |
| chrome://brave navigation from web | Code Injection | qab | Critical | 2018-10-23 |
| chrome://brave can still be navigated to, leading to RCE | Code Injection | qab | High | 2018-10-23 |
| RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context | None supplied | metnew | High | 2018-10-22 |
| [Android] HTML Injection in BatterySaveArticleRenderer WebView | Cross-site Scripting (XSS) - Generic | bobrov | High | 2018-10-22 |
| Navigation to restricted origins via "Open in new tab" | None supplied | metnew | Medium | 2018-10-10 |
| `settingcontent-ms` files lack "mark of the web" => execute code by dbl click in Downloads toolbar | None supplied | metnew | Low | 2018-10-04 |
| Cross-origin page stays focused before/after downloading + uninformative modal window for download | None supplied | metnew | Low | 2018-10-04 |
| `alert()` dialogs on `chrome-extension://` origin (internal pages) | None supplied | metnew | Low | 2018-10-04 |
| URL spoofing using protocol handlers | None supplied | metnew | Medium | 2018-10-04 |
| URL spoofing in Brave for macOS | None supplied | metnew | Medium | 2018-10-04 |
| Local files reading using `link[rel="import"]` | None supplied | metnew | High | 2018-09-29 |
| Local files reading from the "file://" origin through `brave://` | None supplied | metnew | High | 2018-09-29 |
| Local files reading from the web using `brave://` | None supplied | metnew | Critical | 2018-09-25 |
| Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS | None supplied | metnew | Medium | 2018-09-25 |
| Navigation to `chrome-extension://` origin (internal pages) from the web | None supplied | metnew | Low | 2018-09-25 |
| Unsafe handling of protocol handlers | None supplied | metnew | Low | 2018-09-25 |
| Navigation to protocol handler URL from the opened page displayed as a request from this page | None supplied | metnew | Medium | 2018-09-25 |
| DoS in Brave browser for iOS | Denial of Service | metnew | Low | 2018-09-25 |
| `chrome://brave` available for navigation in Release build [-> RCE] + navigation to `chrome://*` using tab_helper ["Open in new tab"] | None supplied | metnew | High | 2018-09-25 |
| Sending arbitrary IPC messages via overriding Array.prototype.push | Command Injection - Generic | masatokinugawa | Critical | 2018-09-18 |
| Brave Browser unexpectedly allows sending arbitrary IPC messages | Command Injection - Generic | masatokinugawa | Critical | 2018-09-18 |
| Sending arbitrary IPC messages via overriding Function.prototype.apply | Command Injection - Generic | masatokinugawa | Critical | 2018-09-18 |
| Cross domain tracking even with 3rd party cookies disabled | None supplied | kmodi | No rating | 2018-08-08 |
| OPEN REDIRECTION at every 302 HTTP CODE | Open Redirect | 0ktavandi | Low | 2018-08-08 |
| Arbitrary local code execution via DLL hijacking from executable installer | Violation of Secure Design Principles | skanthak | Medium | 2018-07-09 |
| Download of (later executed) .NET installer over insecure channel | Man-in-the-Middle | skanthak | Low | 2018-07-09 |
| Directory Listing on https://promo-services-staging.brave.com | Information Disclosure | testingforbugs | No rating | 2018-07-09 |
| [DOS] Browser hangs on loading the code snippet | Denial of Service | tikoo_sahil | Low | 2018-05-06 |
| [DOS] denial of service using code snippet on brave browser | Denial of Service | tikoo_sahil | Low | 2018-05-06 |
| Download attribute allows downloading local files | None supplied | skansing | Low | 2018-03-29 |
| Bypassing Homograph Attack Using /@ [ Tested On Windows ] | Violation of Secure Design Principles | apapedulimu | Low | 2018-02-23 |
| Torrent Viewer extension web service available on all interfaces | Information Disclosure | dutchgraa | Medium | 2018-01-26 |
| application/x-brave-tab should not be readable | Privacy Violation | qab | High | 2017-11-07 |
| OS username disclosure | Privacy Violation | qab | Low | 2017-11-07 |
| Homograph Attack Bypass [ Tested on Linux & Windows ] | Violation of Secure Design Principles | apapedulimu | Low | 2017-09-21 |
| URL Spoof / Brave Shield Bypass | Use of Inherently Dangerous Function | mattaustin | High | 2017-08-31 |
| Brave: Admin Panel Access | Violation of Secure Design Principles | ranjith16 | Medium | 2017-08-10 |
| Brave payments remembers history even after clearing all browser data | Information Disclosure | sumit | Low | 2017-08-10 |
| Remote Stack Overflow Vulnerability (DoS) | Denial of Service | konduru-jashwanth | No rating | 2017-08-10 |
| homograph-attack (unicode vuln) | None supplied | tarwadahorse | No rating | 2017-08-10 |
| Clickjacking or URL Masking | Improper Authentication - Generic | dhiraj-mishra | Medium | 2017-08-10 |
| Command Execution because of extension handling | Command Injection - Generic | paulos_ | High | 2017-08-10 |
| Links the user may download can be malicious files | Code Injection | seifelsallamy | High | 2017-08-10 |
| Address bar spoofing in Brave browser via window close warnings | Violation of Secure Design Principles | xifengweiyu | Medium | 2017-08-10 |
| [iOS] URL can be replaceState by blob URL in iOS Brave | Violation of Secure Design Principles | xifengweiyu | Low | 2017-08-10 |
| Invalid homepage URL causes 'uncaught typeerror' or blank state | Violation of Secure Design Principles | tsug0d | Low | 2017-06-12 |
| Denial of service attack on Brave Browser | Denial of Service | sahiltikoo | Low | 2017-02-11 |
| No user confirmation when an auto-updated extension gets more permissions | Violation of Secure Design Principles | i1iii11iiiii111iii1 | Low | 2017-01-20 |
| [iOS/Android] Address Bar Spoofing Vulnerability | Violation of Secure Design Principles | aaditya_purani | No rating | 2017-01-08 |
| Information disclosure of website | Information Disclosure | 1_1_1 | High | 2016-11-16 |
| Access to local file system using javascript | None supplied | karel_origin | Medium | 2016-11-16 |
| 2 Directory Listings on ledger.brave.com & vault-staging.brave.com | Information Disclosure | bibo | Low | 2016-11-13 |
| Denial of service (POP UP Recursion) on Brave browser | Denial of Service | sahiltikoo | Medium | 2016-11-07 |
| [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html | Command Injection - Generic | cmd-0_0 | Medium | 2016-11-03 |
| Denial of service attack (window object) on brave browser | Denial of Service | sahiltikoo | Medium | 2016-10-25 |
| [ios] Address bar spoofing in Brave for iOS | None supplied | ibram | Low | 2016-10-25 |
| DOS in browser using window.print() function | Denial of Service | tushu | No rating | 2016-10-20 |
| Javascript confirm() crashes Brave on PC | None supplied | ghjfgjggfdfhfgsdfssdf | Medium | 2016-10-19 |
| JavaScript URL Issues in the latest version of Brave Browser | None supplied | smelt | Medium | 2016-10-17 |
| [iOS] URI Obfuscation in iOS application | HTTP Response Splitting | noob-boy | Low | 2016-10-17 |
| Status Bar Obfuscation | Cryptographic Issues - Generic | ajdumanhug | Low | 2016-10-15 |
| URI Obfuscation | HTTP Response Splitting | ajdumanhug | Medium | 2016-10-15 |
| Homograph attack | Violation of Secure Design Principles | jaypatel | Low | 2016-10-14 |
| Subdomain Takeover of Brave.com | Improper Authentication - Generic | sahiltikoo | None | 2016-10-14 |
| Address Bar Spoofing - Already resolved - Retroactive report | Open Redirect | jimeno | Low | 2016-10-14 |