Bumble


5 total issues disclosed

$4,000 total paid publicly


Most disclosed (2 disclosures) — Violation of Secure Design Principles

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Exfiltrating a victim's exact location (to within 5m) Information Disclosure robertheaton High 2021-07-21
Bumble API exposes read status of chat messages Information Disclosure ndrong Medium 2021-03-13
On Singing up with a Phone number , The 4 digit OTP does not expires for a long time leading to an easy attack and make a verified account easilty Violation of Secure Design Principles godzkid High 2020-11-25
Bruteforce password recovery code Violation of Secure Design Principles 0x3c3e No rating 2020-01-18
CSRF bug Cross-Site Request Forgery (CSRF) dark_heaven No rating 2017-06-12