| HTML Injection with XSS possible |
Cross-site Scripting (XSS) - Stored |
malek |
Medium |
2021-04-29 |
| self-xss with ClickJacking can leads to account takeover in Firefox |
Cross-site Scripting (XSS) - DOM |
keer0k |
Low |
2020-11-17 |
| Stored XSS in Post title (PoC) |
Cross-site Scripting (XSS) - Stored |
zerox4 |
Medium |
2020-09-02 |
| SSRF in imgur video GIF conversion |
Server-Side Request Forgery (SSRF) |
mariuszpoplawski |
High |
2020-08-13 |
| Sourcemaps and Unminified Source Code Exposed on Pages |
Improper Access Control - Generic |
gennaro |
Medium |
2020-05-07 |
| Password Reset Link not expiring after changing the email Leads To Account Takeover |
Improper Authentication - Generic |
alishah |
Medium |
2019-12-03 |
| CSRF leads to a stored self xss |
Cross-site Scripting (XSS) - Reflected |
hogarth45 |
Low |
2019-08-30 |
| Stored XSS on imgur profile |
Cross-site Scripting (XSS) - Stored |
giddsec |
Medium |
2019-03-02 |
| Go.imgur.com can be used to phish for account information |
Phishing |
kiyell |
Low |
2018-09-21 |
| Information disclosure (No rate limting in forgot password & other login) |
Information Disclosure |
protector47 |
No rating |
2018-04-14 |
| Reflected XSS in m.imgur.com |
Cross-site Scripting (XSS) - Generic |
logue |
No rating |
2017-10-07 |
| Login to any user account using other facebook app access token |
Improper Authentication - Generic |
vinothkumar |
No rating |
2017-07-24 |
| RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` |
Command Injection - Generic |
neex |
Critical |
2017-04-26 |
| Remote Code Execution on Git.imgur-dev.com |
Code Injection |
orange |
Critical |
2017-04-16 |
| Stored xss in ALBUM DESCRIPTION |
Cross-site Scripting (XSS) - Generic |
armaanpathan |
Medium |
2017-01-27 |
| Stored XSS in albums on http://m.imgur.com/ |
Cross-site Scripting (XSS) - Generic |
strukt |
No rating |
2017-01-17 |
| Unauthenticated Docker registry |
Improper Authentication - Generic |
nathonsecurity |
No rating |
2016-11-22 |
| Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event |
Cross-site Scripting (XSS) - Generic |
fransrosen |
No rating |
2016-07-28 |
| Attack User Privacy Settings - X-Frame-Options missing on m.imgur.com/user/username/settings |
UI Redressing (Clickjacking) |
kasser |
No rating |
2016-05-04 |
| Local file read in image editor |
Code Injection |
sl1m |
No rating |
2016-04-16 |
| SSRF and local file read in video to gif converter |
None supplied |
sl1m |
No rating |
2016-04-16 |
| Persistent XSS in image title |
Cross-site Scripting (XSS) - Generic |
kasperkarlsson |
No rating |
2016-03-31 |
| XSS via React element spoofing |
Cross-site Scripting (XSS) - Generic |
jouko |
No rating |
2016-03-24 |
| Server Side Request Forgery In Video to GIF Functionality |
Cross-Site Request Forgery (CSRF) |
1n3 |
No rating |
2016-03-22 |
| SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg |
Command Injection - Generic |
aesteral |
No rating |
2016-03-14 |
| SSRF in https://imgur.com/vidgif/url |
Denial of Service |
aesteral |
No rating |
2016-03-12 |
| risk of having secure=false in a crossdomain.xml |
Memory Corruption - Generic |
hacker00000000 |
No rating |
2016-03-03 |
| Big Bug in SSL : breach compression attack (CVE-2013-3587) affect imgur.com |
Cryptographic Issues - Generic |
hacker00000000 |
No rating |
2016-01-21 |
| XSS in imgur mobile 3 |
Cross-site Scripting (XSS) - Generic |
charfee |
No rating |
2016-01-21 |
| XSS m.imgur.com |
Cross-site Scripting (XSS) - Generic |
charfee |
No rating |
2016-01-21 |
| XSS in imgur mobile |
Cross-site Scripting (XSS) - Generic |
charfee |
No rating |
2016-01-19 |
| Imgur dev environments facing the Internet |
Information Disclosure |
nathonsecurity |
No rating |
2016-01-09 |
| "Sign me out everywhere" does not work for desktop sessions |
Cryptographic Issues - Generic |
d1pakda5 |
No rating |
2015-12-23 |
| Crossdomain.xml settings on api.imgur.com too open |
Memory Corruption - Generic |
kiraak-boy |
No rating |
2015-12-09 |
| Open Url redirection on login with facebook |
Cryptographic Issues - Generic |
d1pakda5 |
No rating |
2015-12-09 |
| Csrf near report abuse meme |
Cross-Site Request Forgery (CSRF) |
nthack |
No rating |
2015-12-09 |
| Persistent XSS in https://p.imgur.com/albumview.gif and http://p.imgur.com/imageview.gif / post statistics |
Cross-site Scripting (XSS) - Generic |
sleepprogger |
No rating |
2015-12-09 |
| Content Sniffing not enabled |
Cryptographic Issues - Generic |
unknown_cybary |
No rating |
2015-12-09 |
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles