Pixiv Program Statistics



11 total issues disclosed

$9,900 total paid publicly

Most disclosed (2 disclosures) — Cross-site Scripting (XSS) - Reflected



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Bypassing Inbox Privacy Settings and Enabling Spam on Pixiv.net | Improper Access Control - Generic | aaqibhussain | Low | 2026-04-27 |
| Non-premium user can disable Ads in japanese version of dic.pixiv.net | Business Logic Errors | lainkusanagi | High | 2026-04-27 |
| Internal logs/info leaked via endpoint {https://203.137.128.240/server-status} | Information Disclosure | dexter34 | High | 2026-01-20 |
| Disclose Hidden Comments on Media Section of hub.vroid.com | Insecure Direct Object Reference (IDOR) | giwadaoud | Medium | 2026-01-18 |
| clickjacing can lead to account takeover | UI Redressing (Clickjacking) | hyk3n | Low | 2026-01-18 |
| Stealing Users OAuth authorization code via redirect_uri | Improper Authorization | kuzu7shiki | High | 2023-03-22 |
| XSS Reflected at https://sketch.pixiv.net/ Via `next_url` | Cross-site Scripting (XSS) - Reflected | find_me_here | Medium | 2022-03-23 |
| Reset any password | Weak Password Recovery Mechanism for Forgotten Password | noxx | High | 2021-03-31 |
| RCE due to ImageTragick v2 | Code Injection | chaosbolt | Critical | 2021-03-16 |
| XSS reflected on [https://www.pixiv.net] | Cross-site Scripting (XSS) - Reflected | bcobain23 | Medium | 2020-12-17 |
| CSRF at https://chatstory.pixiv.net/imported | Cross-Site Request Forgery (CSRF) | katsuragicsl | Medium | 2020-07-02 |