Liberapay - HackerOne Reports
Total Reports: 47
Critical: 0
High: 1
Medium: 6
Low: 12
Failure to Invalid Session after Password Change
Reported by: sudipraj | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

Avatar URL is exposed in patron export for secret donations
Reported by: mdivecky | Disclosed: | Severity: Medium | Weakness: Privacy Violation

Session Cookie without HttpOnly and secure flag set
Reported by: doug18 | Disclosed: | Weakness: Violation of Secure Design Principles

Login CSRF : Login Authentication Flaw on https://liberapay.com/
Reported by: samjoy_26 | Disclosed: | Severity: Low | Weakness: Phishing

Reauthentication for changing password bypass
Reported by: viber | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

Email Address Exposure via Gratipay Migration Tool
Reported by: suprnova | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR) | Bounty: $100.00

Broken Authentication and session management OWASP A2
Reported by: sameerphad72 | Disclosed: | Weakness: Improper Authentication - Generic

Leaking Of Sensitive Information on Github
Reported by: harris0ft | Disclosed: | Severity: Low | Weakness: Information Disclosure

User Enumeration
Reported by: htrgouvea | Disclosed: | Severity: Low

Unsafe yaml load can lead to remote code execution
Reported by: tarun_sec | Disclosed: | Severity: Low | Weakness: Deserialization of Untrusted Data

Punny code Detection Parsing should be implemented on Markdown
Reported by: kunal94 | Disclosed: | Weakness: Business Logic Errors

Cross site scripting (content-sniffing)
Reported by: said778 | Disclosed: | Weakness: Cross-site Scripting (XSS) - DOM

No Data Validation, No Captcha, No Filters...
Reported by: cardangi | Disclosed: | Weakness: Business Logic Errors

Buffer overflow
Reported by: kaushalag29 | Disclosed: | Weakness: Classic Buffer Overflow

Improper Data Validation / Unvalidated Input
Reported by: cardangi | Disclosed: | Weakness: Classic Buffer Overflow

Same CSRF token is being used for deleting other platform login’s within an account and across other liberapay Account’s
Reported by: mah1ndra | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)

CSRF ON EDITING NAME (OPTIONAL)
Reported by: rootbakar___ | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)

twitter api access token leaked on github
Reported by: sonahri_501 | Disclosed: | Weakness: Cleartext Storage of Sensitive Information

Liberapay Non Verified Account Takeover with signup feature
Reported by: khizer47 | Disclosed: | Weakness: Improper Authentication - Generic

Disavowed an email without any authentication
Reported by: hunterr0x01 | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Page 1 of 3