Instacart - HackerOne Reports
Total Reports: 35
Critical: 0
High: 1
Medium: 3
Low: 3
Login with Google Not Authenticated on iOS App
Reported by:
bhavukjain1
|
Disclosed:
Severity: Low
Weakness: Improper Authentication - Generic
Seemingly sensitive information at /api/v2/zones
Reported by:
sameoldstory
|
Disclosed:
Weakness: Information Disclosure
Bounty: $50.00
Authorization Bypass in Delivery Chat Logs
Reported by:
michiel
|
Disclosed:
Weakness: Privilege Escalation
Bounty: $100.00
XSS in instacart.com/store/partner_recipe
Reported by:
karel_origin
|
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $100.00
[Critical] Subdomain Takeover
Reported by:
rootnp
|
Disclosed:
Weakness: Privilege Escalation
WordPress Authentication Denial of Service
Reported by:
clizsec
|
Disclosed:
Weakness: Uncontrolled Resource Consumption
Bounty: $100.00
CSRF with redeem coupon request
Reported by:
introvertmac
|
Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Full access to any list
Reported by:
sameoldstory
|
Disclosed:
Weakness: Privilege Escalation
Bounty: $150.00
Fetch private list metadata and any user's personal name
Reported by:
sameoldstory
|
Disclosed:
Weakness: Information Disclosure
Bounty: $150.00
Host Header Injection/Redirection in: https://www.instacart.com/
Reported by:
0xm1racle
|
Disclosed:
Weakness: Open Redirect
Reflected File Download on recipe list search
Reported by:
dsopas
|
Disclosed:
Weakness: Command Injection - Generic
Server side request forgery on image upload for lists
Reported by:
eboda
|
Disclosed:
Weakness: Code Injection
Bounty: $50.00
shopper login_code's can be brute forced
Reported by:
b6117130df17feef13481e3
|
Disclosed:
Weakness: Improper Authentication - Generic
Image Upload Path Disclosure
Reported by:
mefkan
|
Disclosed:
Weakness: Information Disclosure
Bounty: $100.00
Hyperlink Injection in Friend Invitation Emails
Reported by:
corb3nik
|
Disclosed:
Weakness: Open Redirect
Bounty: $100.00
API OAuth Public Key disclosure in mobile app
Reported by:
cablej
|
Disclosed:
Weakness: Information Disclosure
Brute force login and bypass locked account restrictions via iOS app
Reported by:
cablej
|
Disclosed:
Weakness: Violation of Secure Design Principles
CSRF Trial 14 days express subscription
Reported by:
tolo7010
|
Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Bruteforcing password reset tokens, could lead to account takeover
Reported by:
003random
|
Disclosed:
Severity: Medium
Weakness: Improper Restriction of Authentication Attempts
Bounty: $50.00
XSS at in instacart.com/store/partner_recipe
Reported by:
ak1t4
|
Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Generic