Gratipay - HackerOne Reports
Total Reports: 88
Critical: 0
High: 5
Medium: 14
Low: 13
Directory Listing on grtp.co
Reported by: atom | Disclosed:
Weakness: Cryptographic Issues - Generic
i am The bug
Reported by: b6d1c05a07d5e281f83043b | Disclosed:
Weakness: Array Index Underflow
Secure Pages Include Mixed Content
Reported by: lulliii | Disclosed:
Low
Incomplete or No Cache-control and Pragma HTTP Header Set
Reported by: lulliii | Disclosed:
Low
nginx version disclosure on downloads.gratipay.com
Reported by: footstep | Disclosed:
Weakness: Information Disclosure
Sub domain take over in gratipay.com
Reported by: anshad | Disclosed:
Weakness: Violation of Secure Design Principles
After removing app from facebook app session not expiring.
Reported by: lilly | Disclosed:
Weakness: Improper Authentication - Generic
Prevent content spoofing on /~username/emails/verify.html
Reported by: ishahriyar | Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $10.00
Usernames ending in .json are not restricted
Reported by: karthic | Disclosed:
Weakness: Violation of Secure Design Principles
Reset Link Issue
Reported by: i1ackerone | Disclosed:
Weakness: Improper Authentication - Generic
Missing Certificate Authority Authorization rule
Reported by: gujjuboy10x00 | Disclosed:
Possible user session hijack by invalid HTTPS certificate on inside.gratipay.com domain
Reported by: b3nac | Disclosed:
Low
Weakness: Violation of Secure Design Principles
CSP Policy Bypass and javascript execution Still Not Fixed
Reported by: 4w3 | Disclosed:
CSP Policy Bypass and javascript execution
Reported by: athuljayaram | Disclosed:
Session Fixation At Logout /Session Misconfiguration
Reported by: aa23 | Disclosed:
Weakness: Improper Authentication - Generic
Content-Length restriction bypass to heap overflow in gip.rocks.
Reported by: edoverflow | Disclosed:
High
Weakness: Heap Overflow
This is a test report
Reported by: hunter012 | Disclosed:
400 Bad Request [Use a third-party provider to sign in or create an account on Gratipay]
Reported by: nihaddl | Disclosed:
Weakness: Violation of Secure Design Principles
Certificate signed using SHA-1
Reported by: lulliii | Disclosed:
Medium