| Potential IP revealing using UNC Path in Windows File Picker | Information Disclosure | newfunction | Low | 2023-11-28 |
| SQL Injection in parameter REPORT | SQL Injection | wiloos | Medium | 2023-11-28 |
| XSS on about:tbupdate | Cross-site Scripting (XSS) - Reflected | qab | No rating | 2023-11-28 |
| Use of unitialized value in crypto_pk_num_bits (src/common/crypto.c:971) | Memory Corruption - Generic | geeknik | No rating | 2023-11-28 |
| Zip bomb | Incorrect Calculation of Buffer Size | zerx | Critical | 2023-11-28 |
| [rt.torproject.org] No Rate Limitting on Login Form | Improper Restriction of Authentication Attempts | 0xspade | No rating | 2023-11-28 |
| solving TOR vulnerability, in other to make bruteforce difficult | Array Index Underflow | joelisto | Low | 2023-11-28 |
| Report Regarding Security Vulnerability | None supplied | srkfan | No rating | 2023-11-28 |
| Multiple Path Transversal Vulnerabilites | Path Traversal | myselfphoton | Medium | 2023-11-28 |
| Tor Project - Full Path Disclosure | Information Exposure Through an Error Message | yox | Low | 2023-11-28 |
| https://get.ooni.torproject.org/ | None supplied | ba4fe4ca95021d367f8a574 | No rating | 2023-11-28 |
| Content spoofing on | Violation of Secure Design Principles | nonamehiiden | Low | 2023-11-28 |
| 'Request English versions of web pages for enhanced privacy' keeps previous (grayed out) settings | Information Disclosure | andreien | No rating | 2023-09-13 |
| Snowflake server: Leak of TLS packets from other clients | Information Disclosure | hazae41 | High | 2023-03-15 |
| Address Bar Spoofing on TOR Browser | Phishing | soulhunter | High | 2023-01-02 |
| Tor Browser using --log or --verbose logs the exact connection time a client connects to any v2 domains. | Information Disclosure | sickcodes | High | 2021-09-27 |
| Information Exposure Through Directory Listing | Information Exposure Through Directory Listing | sasikaran | High | 2021-08-27 |
| Email Spoofing Possible on torproject.org Email Domain | Business Logic Errors | greenwolf | Medium | 2018-10-16 |
| Expose user IP if TOR crashs | None supplied | rbcafe | No rating | 2018-09-21 |
| Expose relay IP in the debug (The source is different from the rendering) | None supplied | rbcafe | No rating | 2018-07-21 |
| De-anonymization by visiting specially crafted bookmark. | Information Disclosure | qab | High | 2018-07-03 |
| Tor Browser: iframe with `data:` uri has access to parent window | None supplied | metnew | High | 2018-06-06 |
| [tor] pre-emptive defenses, potential vulnerabilities | Violation of Secure Design Principles | guido | No rating | 2017-11-26 |
| 16 instances where return value of OpenSSL i2d_RSAPublicKey is discarded -- might lead to use of uninitialized memory | Information Disclosure | guido | No rating | 2017-11-26 |
| Access to local file system using javascript | Violation of Secure Design Principles | cuso4 | High | 2017-11-18 |
| Use of uninitialized value in networkstatus_parse_vote_from_string (src/or/routerparse.c:3533) | Memory Corruption - Generic | geeknik | None | 2017-10-31 |
| Cross-domain linkability when system time changed in Tor Browser | Privacy Violation | xiaoyinl | Low | 2017-10-26 |
| Linux TBB SFTP URI allows local IP disclosure | Information Disclosure | julianjackson | Critical | 2017-10-25 |
| Use of uninitialized value in memarea_strdup (src/common/memarea.c:369) | Memory Corruption - Generic | geeknik | No rating | 2017-10-25 |
| Crashes/Buffer at 0x2C0086,name=PBrowser::Msg_Destroy | Classic Buffer Overflow | dhiraj-mishra | Medium | 2017-10-24 |
| Preferred language option fingerprinting issue in Tor Browser | Information Disclosure | xiaoyinl | Low | 2017-10-24 |
| Use-after-free during XML transformations (MFSA-2016-27) | Memory Corruption - Generic | agarri_fr | No rating | 2017-10-21 |
| Uncloaking hidden services and hidden service users | Man-in-the-Middle | hackerfactor | No rating | 2017-10-20 |
| Scrollbar Width permits detecting browser platform | Information Disclosure | hackerfactor | Low | 2017-10-20 |
| Simple CSS line-height identifies platform | Information Disclosure | hackerfactor | Low | 2017-10-20 |
| languagechange event fires simultaneously on all tabs | Privacy Violation | tomvg | Low | 2017-10-19 |
| Enforce minimum master password complexity | Password in Configuration File | dhiraj-mishra | Medium | 2017-10-19 |
| libevent (stack) buffer overflow in evutil_parse_sockaddr_port | Memory Corruption - Generic | guido | No rating | 2017-10-19 |
| [tor] libevent dns remote stack overread vulnerability | Memory Corruption - Generic | guido | No rating | 2017-10-19 |
| smartlist_add, smartlist_insert (may) cause heap corruption as a result of inadequate checks in smartlist_ensure_capacity | Memory Corruption - Generic | guido | No rating | 2017-10-19 |
| Heap corruption via memarea.c | Memory Corruption - Generic | guido | No rating | 2017-10-19 |
| [tor] libevent dns OOB read | Memory Corruption - Generic | guido | No rating | 2017-10-19 |
| [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents | Denial of Service | guido | No rating | 2017-10-19 |
| potential memory corruption in or/buffers.c (particularly on 32 bit) | Memory Corruption - Generic | guido | No rating | 2017-10-19 |
| Overreads/overcopies in torsocks | Memory Corruption - Generic | guido | No rating | 2017-10-19 |
| Stack overflow in UnbindFromTree (browser can be crashed remotely) | Stack Overflow | geeknik | High | 2017-10-02 |
| Sql query disclosure, | Information Disclosure | utkarsh1 | Low | 2017-09-18 |
| [Android org.torproject.android] Possible to force list of bridges | Forced Browsing | bagipro | High | 2017-08-21 |