50 bounties displayed

Important Change

Instead of $25 for a merge into our repository, we now award $80 for a fix merged into the upstream repository.

The bounty is split equally between the fixer and discloser ($40 each).

null
Go
BookStack
Zip slip
$40
710XP
null
JavaScript
DaybydayCRM
Cross site scripting
$40
980XP
null
JavaScript
DaybydayCRM
Cross site scripting
$40
700XP
null
JavaScript
DaybydayCRM
Cross site scripting
$40
910XP
npm
JavaScript
keypather
Prototype Pollution
$40
730XP
npm
TypeScript
tui-grid
reflected cross site scripting
$40
750XP
npm
TypeScript
tui-grid
Cross-Site Scripting (XSS)
$40
819XP
null
JavaScript
docs
Brute Force
$40
730XP
null
PHP
online-invoicing-system
Cross Site Scripting
$40
650XP
null
PHP
online-invoicing-system
Cross Site Scripting
$40
650XP
null
PHP
dolibarr
IDOR leading to Privilege Esca...
$40
740XP
null
Java
klask-io
XSS on Klask-io through "search"
$40
630XP
npm
TypeScript
@syncfusion/ej2-base
Cross-site Scripting (XSS)
$40
540XP
npm
TypeScript
@carbon/charts-angular
Cross-site Scripting (XSS)
$40
540XP
packagist
PHP
symphonycms/symphony-2
Cross-site Scripting (XSS)
$40
459XP
packagist
PHP
s-cart/s-cart
Cross-site Scripting (XSS)
$40
470XP
packagist
PHP
phppgadmin/phppgadmin
Cross-site Request Forgery (CSRF)
$40
630XP
packagist
PHP
opencart/opencart
Cross-site Scripting (XSS)
$40
670XP
npm
JavaScript
zingchart
Cross-site Scripting (XSS)
$40
540XP
npm
Vue
zingchart-vue
Cross-site Scripting (XSS)
$40
540XP
packagist
PHP
lavalite/cms
Cross-site Scripting (XSS)
$40
540XP
npm
JavaScript
x-data-spreadsheet
xxS
$40
750XP
npm
JavaScript
web3
Insecure Credential Storage
$40
330XP
npm
TypeScript
utilizes.set
Prototype Pollution
$40
650XP
npm
JavaScript
mobiledoc-kit
XSS
$40
730XP
npm
JavaScript
luckysheet
XSS
$40
730XP
npm
JavaScript
keystone
ssrf
$40
750XP
npm
JavaScript
jodit
xss
$40
750XP
npm
JavaScript
ibm-gantt-chart
Cross-site Scripting (XSS)
$40
540XP
npm
JavaScript
frappe-charts
Cross-site Scripting (XSS)
$40
540XP
npm
JavaScript
fusioncharts
Cross-site Scripting (XSS)
$40
540XP
npm
JavaScript
express-brute
Rate Limiting Bypass
$40
560XP
npm
JavaScript
deferred-exec
Command Injection
$40
730XP
npm
JavaScript
dhtmlx-gantt
Cross-site Scripting (XSS)
$40
540XP
rubygems
Ruby
radiant
Cross-site Scripting (XSS)
$40
720XP
rubygems
Ruby
spree
Username Enumeration
$40
370XP
rubygems
Ruby
spree
Lack of Rate Limiting
$40
370XP
rubygems
Ruby
goliath
HTTP Request Smuggling
$40
590XP
null
JavaScript
ulogger-server
Auth Bypass via CSRF
$40
680XP
null
TypeScript
traduora
Mass Account Creation
$40
530XP
null
JavaScript
svgomg
ssrf
$40
750XP
null
JavaScript
docs
Account takeover with CSRF
$40
800XP
null
JavaScript
svgedit
SSRF
$40
730XP
null
PHP
cms
Cross-Site Scripting (XSS)
$40
540XP
null
Java
mucommander
zip-slip
$40
750XP
null
JavaScript
docs
XSS
$40
730XP
null
JavaScript
Method-Draw
ssrf
$40
750XP
null
JavaScript
DaybydayCRM
Cross-site Scripting (XSS)
$40
540XP
null
Go
BookStack
XSS
$40
750XP
maven
Scala
argonaut
Denial of Service (DoS)
$40
509XP