bookwyrm-social / bookwyrm
Project repository
Social reading and reviewing, decentralized with ActivityPub
Program response times: first interaction within 1 day, review within 4 days, fix within 6 days.
Reports

Title | Date | Reporter | Status | Severity | Bounty | CVE
Take over any type of status of any users (like review,...) and modify it or del... | Apr 13th 2023 | mq-xz | pending | | |
No rate limit on delete account feature allows an attacker to delete the victim... | Sep 22nd 2022 | nehalr777 | pending | | |
Audit url open for permitted schemes. | Aug 31st 2022 | ahsentekdemir | self closed | | |
UI Redressing (Clickjacking) | Aug 22nd 2022 | 0xcybery | self closed | | |
Improper Link Input Validation leads to Open Redirect [bookwyrm.social] | Aug 6th 2022 | agnihackers | pending | | |
insecure direct object reference | Aug 6th 2022 | gaurav-g2 | pending | | |
Idor lead to create list in private group | Aug 6th 2022 | gaurav-g2 | pending | | |
Authorization Bypass: Blocked User can still send Direct Messages to the Use... | Aug 5th 2022 | ahmad0x1 | duplicate | Critical | |
Send message to blocked user | Aug 29th 2022 | gaurav-g2 | | Critical | |
Tabnabbing via window.opener [bookwyrm.social] | Aug 5th 2022 | agnihackers | | High | $5 | CVE-2022-35953
No Rate Limit On Reset Password Page [ bookwyrm.social ] | Aug 4th 2022 | agnihackers | duplicate | Critical | |
Account Takeover | Aug 4th 2022 | agnihackers | duplicate | Critical | |
Idor when creating group | Aug 5th 2022 | gaurav-g2 | | Critical | $10 |
Insecure Direct Object References when creating a list | Jul 28th 2022 | khanhchauminh | | Critical | $14 |
Cross-Site Request Forgery (CSRF) | Jul 29th 2022 | khanhchauminh | | Critical | $14 |
Insecure direct object references in "comment" function | Jul 15th 2022 | nhienit2010 | duplicate | Critical | |
Insecure direct object references in "review" function | Jul 15th 2022 | nhienit2010 | | Critical | $10 |
Insecure direct object references in "reply" function | Jul 15th 2022 | nhienit2010 | duplicate | Critical | |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | Jul 14th 2022 | 7h3h4ckv157 | pending | | |
Server-Side Request Forgery (SSRF) | Jul 14th 2022 | khanhchauminh | pending | | |
Insecure redirect when submit invalid form | Jul 14th 2022 | nhienit2010 | | High | $5 |
Insecure direct object references in `create-shelf` function | Jul 14th 2022 | nhienit2010 | | Critical | $10 |
Insecure Storage of Sensitive Information | Jul 13th 2022 | khanhchauminh | pending | | |
No Rate Limit On Resend confirmation link Page | Jul 15th 2022 | khanhchauminh | duplicate | Critical | |
Email enumeration via Resend link page | Jul 14th 2022 | khanhchauminh | | High | $8 |
Email Verification Bypass Leads To Account Takeover | Jul 28th 2022 | akshayravic09yc47 | | Critical | $10 | CVE-2022-2651
Account Takeover | Jul 28th 2022 | akshayravic09yc47 | | Critical | $10 | CVE-2022-35925
Accept weak password in reset-password function | Jul 15th 2022 | nhienit2010 | | Critical | $10 |
Open redirect when login successfully | Jul 14th 2022 | nhienit2010 | | High | $5 |
Cross-Site Request Forgery (CSRF) | Jul 11th 2022 | khanhchauminh | | High | $6 |
Weak policy at Change password function | Jul 11th 2022 | khanhchauminh | | Critical | $12 |
No Password Verification on Changing password leads to Account takeover | Jul 11th 2022 | khanhchauminh | duplicate | Critical | |
Weak Password Change Mechanism | Jul 11th 2022 | 7h3h4ckv157 | | High | $5 |
No Rate Limit On Reset Password Page | Jul 28th 2022 | khanhchauminh | | Critical | $12 |
Cross-Site Request Forgery (CSRF) | Jul 10th 2022 | khanhchauminh | | High | $6 |
Email enumeration via Reset password page | Jul 7th 2022 | khanhchauminh | | Low | |
Mutation Stored XSS at homepage | Jul 5th 2022 | vovikhangcdv | | Critical | $10 | CVE-2022-31136
Improper Link Input Validation leads to Cross-site Scripting (XSS) | Jul 5th 2022 | vovikhangcdv | | Medium | |
Bounty per severity

Severity | Bounty
Critical | $0
High | $0
Medium | $0
Low | $0