| Access to microtransaction sales data for lots of apps from 2014 to present at /valvefinance/sanity/ |
Improper Access Control - Generic |
njbooher |
Critical |
2021-09-21 |
| Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover) |
Information Disclosure |
bugstar |
High |
2021-09-21 |
| Privilege Escalation vulnerability in steam's Remote Play feature leads to arbitrary kernel-mode driver installation |
Privilege Escalation |
hydraskyteam |
Medium |
2021-09-21 |
| Buffer overrun in Steam SILK voice decoder |
Classic Buffer Overflow |
slidybat |
Critical |
2021-09-13 |
| Modify in-flight data to payment provider Smart2Pay |
Business Logic Errors |
drbrix |
Critical |
2021-08-10 |
| RCE on CS:GO client using unsanitized entity ID in EntityMsg message |
Out-of-bounds Read |
teapotd |
Critical |
2021-05-27 |
| Signedness issue in ClassInfo message handler leads to RCE on CS:GO client |
Array Index Underflow |
teapotd |
Critical |
2021-05-27 |
| CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download |
Out-of-bounds Read |
simonscannell |
Critical |
2021-05-17 |
| [Portal 2] Remote Code Execution via voice packets |
Classic Buffer Overflow |
gamer7112 |
Critical |
2021-05-10 |
| [Source Engine] Material path truncation leads to Remote Code Execution |
Improper Input Validation |
nyancat0131 |
High |
2021-05-06 |
| [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution |
Stack Overflow |
nyancat0131 |
High |
2021-05-06 |
| Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games |
Classic Buffer Overflow |
gamer7112 |
Critical |
2021-05-05 |
| OOB reads in network message handlers leads to RCE |
Out-of-bounds Read |
slidybat |
Critical |
2021-05-04 |
| GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE |
Stack Overflow |
pixelindigo |
Critical |
2021-05-04 |
| [steam client] Opening a specific steam:// url overwrites files at an arbitrary location |
Write-what-where Condition |
kbeckmann |
Medium |
2020-09-22 |
| [Half-Life 1] Malformed map name leads to memory corruption and code execution |
Classic Buffer Overflow |
kbeckmann |
High |
2020-09-22 |
| Unauthorized updates to extended_info properties in /store/ajaxpackagesave |
Improper Access Control - Generic |
njbooher |
High |
2020-09-09 |
| Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge |
Improper Access Control - Generic |
njbooher |
High |
2020-09-09 |
| Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser |
Stack Overflow |
irukandjisecresearch |
High |
2020-08-19 |
| [GoldSrc] RCE via malformed BSP file |
Classic Buffer Overflow |
gamer7112 |
High |
2020-08-19 |
| [GoldSrc] RCE via 'spk' Console Command |
Classic Buffer Overflow |
gamer7112 |
High |
2020-08-19 |
| Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser |
Stack Overflow |
irukandjisecresearch |
High |
2020-08-19 |
| ajaxgetachievementsforgame is not guarded for unreleased apps |
Information Disclosure |
jameslll |
Medium |
2020-07-30 |
| Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client |
Malware |
kohtep2010 |
High |
2020-03-25 |
| Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe |
Classic Buffer Overflow |
hunterstanton |
Critical |
2020-03-25 |
| Malformed BSP in GoldSrc Engine may cause shellcode injection |
Classic Buffer Overflow |
kohtep2010 |
High |
2020-03-25 |
| Hidden scheduled partner events are propagated to Steam clients in CMsgClientClanState |
Information Disclosure |
xpaw |
Medium |
2020-03-20 |
| Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection |
Classic Buffer Overflow |
kohtep2010 |
High |
2020-02-27 |
| Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games. |
Malware |
splatt581 |
High |
2020-02-24 |
| GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame |
Information Disclosure |
xpaw |
Medium |
2020-02-20 |
| Steam chat - trade offer presentation vulnerability |
Business Logic Errors |
hackerontwowheels |
Medium |
2020-02-19 |
| Arbitrary File Write as SYSTEM from unprivileged user |
Privilege Escalation |
b0yd |
High |
2020-01-15 |
| Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message |
Code Injection |
shayhelman |
Critical |
2019-10-09 |
| Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe) |
Memory Corruption - Generic |
chippy |
High |
2019-10-09 |
| Unchecked weapon id in WeaponList message parser on client leads to RCE |
Array Index Underflow |
nyancat0131 |
Critical |
2019-09-17 |
| Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution |
Stack Overflow |
nyancat0131 |
High |
2019-09-17 |
| ISteamAssets gives partners control over unrelated community market transactions |
Improper Access Control - Generic |
njbooher |
High |
2019-05-24 |
| RCE on Steam Client via buffer overflow in Server Info |
Classic Buffer Overflow |
vinnievan |
Critical |
2019-03-15 |
| [help.steampowered.com] Account takeover bruteforcing SteamGuard |
Business Logic Errors |
natetheriver |
High |
2019-01-23 |
| XSS in steam react chat client |
Cross-site Scripting (XSS) - Stored |
zemnmez |
Critical |
2019-01-07 |
| Getting all the CD keys of any game |
Improper Access Control - Generic |
moskowsky |
Critical |
2018-10-31 |
| Getting all the CD keys of any game |
Improper Access Control - Generic |
moskowsky |
Critical |
2018-10-31 |
| Buffer overflows in demo parsing |
Classic Buffer Overflow |
yalter |
Medium |
2018-08-29 |
| Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation |
Classic Buffer Overflow |
chippy |
High |
2018-08-29 |
| SQL Injection in report_xml.php through countryFilter[] parameter |
SQL Injection |
moskowsky |
Critical |
2018-07-27 |
| Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution |
Classic Buffer Overflow |
chippy |
Critical |
2018-07-19 |
| resetreportedcount & updatetags doesn't verify appid param |
Improper Authentication - Generic |
milkgames |
Medium |
2018-07-03 |
| Suspended users can bypass UGC upload ban |
Improper Access Control - Generic |
delite |
Low |
2018-07-03 |
| ImageMagick GIF coder vulnerability leading to memory disclosure |
Information Disclosure |
alyssa_herrera |
Medium |
2018-07-03 |
| GetReports works for hubs you don't have access to |
Privacy Violation |
milkgames |
Medium |
2018-05-31 |
| Aapp name leakage on economy history page |
Information Disclosure |
xpaw |
Medium |
2018-05-25 |
| Unfiltered input allows for XSS in "Playtime Item Grants" fields |
Cross-site Scripting (XSS) - Stored |
xpaw |
Medium |
2018-05-25 |
| Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name |
Cross-site Scripting (XSS) - Stored |
osintopsec |
Medium |
2018-05-24 |
| Link filter protection bypass |
Open Redirect |
ramsexy |
Medium |
2018-05-10 |
| LFI in pChart php library |
Path Traversal |
ramsexy |
High |
2018-05-10 |
| Read Access to all comments on unauthorized forums' discussions! IDOR! |
Insecure Direct Object Reference (IDOR) |
ta8ahi |
Medium |
2018-05-09 |
| Xss was found by exploiting the URL markdown on http://store.steampowered.com |
Cross-site Scripting (XSS) - DOM |
kenziy |
Medium |
2018-05-09 |
| Reflected XSS in www.dota2.com |
Cross-site Scripting (XSS) - Reflected |
jr0ch17 |
Medium |
2018-05-09 |
| MySQL username and password leaked in developer.valvesoftware.com via source code dislosure |
Password in Configuration File |
nahamsec |
Medium |
2018-05-07 |
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles