GitLab - HackerOne Reports

Total Reports: 248 | Critical: 33 | High: 71 | Medium: 86 | Low: 41
| Report | Reported by | Disclosed | Severity | Weakness | Bounty |
|---|---|---|---|---|---|
| Unfiltered `class` attribute in markdown code | chalker | | Medium | Cross-site Scripting (XSS) - DOM | |
| DOS via move_issue | legit-security | | Medium | Uncontrolled Resource Consumption | $2300.00 |
| XSS in ZenTao integration affecting self hosted instances without strict CSP | joaxcar | | High | Cross-site Scripting (XSS) - Generic | $13950.00 |
| Git flag injection - local file overwrite to remote code execution | vakzz | | Critical | Command Injection - Generic | $12000.00 |
| Elasticsearch leaks data through the notes scope | rpadovani | | Medium | Improper Access Control - Generic | |
| Domain Takeover - gl-canary.freetls.fastly.net | mike12 | | Low | Privilege Escalation | $200.00 |
| CRLF injection & SSRF in git:// protocol lead to arbitrary code execution | chromium1337 | | High | Server-Side Request Forgery (SSRF) | |
| Improper access control for users with expired password, giving the user full access through API and Git | joaxcar | | Medium | Improper Access Control - Generic | $950.00 |
| Milestones leaked via search API | xanbanx | | Low | Improper Access Control - Generic | |
| Information disclosure of secret_key_base via encoding characters | paresh_parmar | | High | Information Exposure Through an Error Message | $3500.00 |
| Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook | jobert | | High | Server-Side Request Forgery (SSRF) | $750.00 |
| DOS via issue preview | legit-security | | High | Uncontrolled Resource Consumption | $7640.00 |
| HTML TAG INJECTION ON PROFILE NAME | rootbakar_ | | Low | Cross-site Scripting (XSS) - Stored | |
| CSRF on /api/graphql allows executing mutations through GET requests | az3z3l | | High | Cross-Site Request Forgery (CSRF) | $3370.00 |
| Adding everyone to the repo due to the lack of rate limit | sadd_man | | High | Insecure Direct Object Reference (IDOR) | |
| Stored XSS in group issue list | mike12 | | Medium | Cross-site Scripting (XSS) - Stored | $2000.00 |
| Unauthorized access to private project security dashboard | vaib25vicky | | Medium | Information Disclosure | |
| Gitlab.com is vulnerable to reverse tabnabbing. (#2) | edoverflow | | Medium | UI Redressing (Clickjacking) | |
| Stored-XSS on wiki pages | yvvdwf | | Medium | Cross-site Scripting (XSS) - Stored | |
| Impersonation attack via Broken Link in Resellers Page | cdl | | Low | Violation of Secure Design Principles | |