Flickr Program Statistics


16 total issues disclosed

$8,179 total paid publicly

Most disclosed (4 disclosures) — Open Redirect



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| High resource consumption by insufficient sanitization of forum threads pagination | Allocation of Resources Without Limits or Throttling | maskopatol | Medium | 2025-11-24 |
| Information Disclosure: .dockerignore file is publicly accessible | None supplied | neon_mm | None | 2025-01-14 |
| Incorrect Deep-link validation leading to unresponsive application and device | Improper Input Validation | fr4via | Medium | 2024-07-06 |
| IDOR may allow access to non-public photos | Insecure Direct Object Reference (IDOR) | 0xcyborg | Medium | 2024-07-06 |
| Exceed photo dimensions, Flickr.com | None supplied | 0xcyborg | Low | 2022-11-07 |
| Open Redirect | Open Redirect | stevejubx | Low | 2022-09-29 |
| Critical broken cookie signing on dagobah.flickr.com | Business Logic Errors | ian | Medium | 2022-05-24 |
| Open redirect bypass | Open Redirect | xlord91 | Low | 2022-05-23 |
| Stored XSS in photos_user_map.gne | Cross-site Scripting (XSS) - Stored | keer0k | High | 2022-05-23 |
| Open redirect GET-Based on https://www.flickr.com/browser/upgrade/?continue= | Open Redirect | c4rrilat0rr | Low | 2022-03-16 |
| Flickr Account Takeover using AWS Cognito API | Improper Authentication - Generic | lauritz | Critical | 2021-12-18 |
| critical server misconfiguration lead to access to any user sensitive data which include user email and password | Business Logic Errors | mr_robert | Medium | 2021-11-02 |
| CSRF in Account Deletion feature (https://www.flickr.com/account/delete) | Cross-Site Request Forgery (CSRF) | asad0x01_ | High | 2021-09-14 |
| Improper access control in place for "member only" groups via root.YUI_config.flickr.api.site_key | Improper Access Control - Generic | sector035 | Medium | 2021-05-03 |
| Stored open redirect in about page | Open Redirect | xprto | Medium | 2021-05-03 |
| Arbitrary file read via ffmpeg HLS parser at https://www.flickr.com/photos/upload | Code Injection | asad0x01_ | Critical | 2020-01-25 |