1FEATUREDshowReports

Staff picks

These reports got our attention recently.

2REPORTSshowReports

All public reports

Learn and take inspiration from reports submitted by other researchers from our bug hunting community. See what areas others are focusing on, how they build their reports, and how they are being rewarded. Note that the following VRPs disclose bugs at alternative locations: Chrome VRP & ChromeOS VRP.
Report Image
Report Name
Author
Program
Submitted
Link
fix toJSON spelling in firestore sdk Abhishek Mathur Google VRP Feb 12, 2024 view
Firestore private key leaked by using JSON.stringify on any firestore object in Node.JS Abhishek Mathur Google VRP Nov 27, 2023 view
v8CTF submission 45ff096edfe1 madStacks Google VRP Oct 26, 2023 view
Vulnerabilities in the algorithms used by Fuchsia/gVisor to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID Google VRP Oct 4, 2023 view
Auth Bypass in verily.com Ayush Sahu Google VRP Jan 3, 2023 view
HTML INJECTION Vaidik Pandya Google VRP Dec 8, 2022 view
Items per page:
1 – 6 of 70