Algolia


reports in last 90 days

30

disclosed resolved issues

0

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Rating | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Medium | subdomain take over at recommendation.algolia.com | Violation of Secure Design Principles | badcracker | Time to triage: 0 Days and 4 hours; Time to close: 0 Days and 0 hours | Resolved |
| High | [GitHub Extension] Unsanitised HTML leading to XSS on GitHub.com | Cross-site Scripting (XSS) - DOM | ysx | Issue was not triaged; Time to close: 11 Days and 17 hours | Resolved |
| Medium | Web Cache Deception Attack (XSS) | Cross-site Scripting (XSS) - Reflected | testingforbugs | Time to triage: 2 Days and 2 hours; Time to close: 3 Days and 18 hours | Resolved |
| Medium | Directory traversal at https://msg.algolia.com | Path Traversal | n00bsec | Time to triage: 0 Days and 6 hours; Time to close: 0 Days and 7 hours | Resolved |
| Low | Text injection on status.algolia.com | Violation of Secure Design Principles | sh3r1 | Time to triage: 0 Days and 0 hours; Time to close: 45 Days and 1 hours | Resolved |
| Medium | SAUCE Access_key and User_name leaked in Travis CI build logs | Information Disclosure | an0n-j | Issue was not triaged; Time to close: 1 Days and 9 hours | Resolved |
| Medium | An “algobot”-s GitHub access token was leaked | Information Disclosure | sainaen | Time to triage: 0 Days and 0 hours; Time to close: 10 Days and 13 hours | Resolved |
| Medium | [github.algolia.com] DOM Based XSS github-btn.html | Cross-site Scripting (XSS) - Generic | bobrov | Issue was not triaged; Time to close: 2 Days and 22 hours | Resolved |
| No rating | No rate limit for Referral Program | Violation of Secure Design Principles | madxcmg | Time to triage: 7 Days and 0 hours; Time to close: 4 Days and 1 hours | Resolved |
| No rating | Reflected XSS | Cross-site Scripting (XSS) - Generic | no_thing | Issue was not triaged; Time to close: 7 Days and 19 hours | Resolved |
| No rating | 2-factor authentication bypass | Improper Authentication - Generic | malcolmx | Time to triage: 3 Days and 10 hours; Time to close: 12 Days and 17 hours | Resolved |
| No rating | Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed. | Improper Authentication - Generic | eboda | Time to triage: 0 Days and 20 hours; Time to close: 84 Days and 3 hours | Resolved |
| No rating | Possible Sub Domain takeover at prestashop.algolia.com | None supplied | punkrock | Issue was not triaged; Time to close: 1 Days and 15 hours | Resolved |
| No rating | Hyperlink Injection in Friend Invitation Emails | Open Redirect | corb3nik | Time to triage: 1 Days and 18 hours; Time to close: 4 Days and 16 hours | Resolved |
| No rating | RCE on facebooksearch.algolia.com | Code Injection | michiel | Time to triage: 0 Days and 1 hours; Time to close: 4 Days and 3 hours | Resolved |
| No rating | No Rate Limit In Inviting Similar Contact Multiple Times | Cryptographic Issues - Generic | rajauzairabdullah | Time to triage: 1 Days and 10 hours; Time to close: 20 Days and 15 hours | Resolved |
| No rating | Stored XSS triggered by json key during UI generation | Cross-site Scripting (XSS) - Generic | ctee | Time to triage: 0 Days and 18 hours; Time to close: 3 Days and 17 hours | Resolved |
| No rating | Stored XSS from Display Settings triggered on Save and viewing realtime search demo | Cross-site Scripting (XSS) - Generic | ctee | Time to triage: 0 Days and 15 hours; Time to close: 3 Days and 17 hours | Resolved |
| No rating | Stored xss | Cross-site Scripting (XSS) - Generic | rishi62 | Time to triage: 0 Days and 17 hours; Time to close: 3 Days and 17 hours | Resolved |
| No rating | [github.algolia.com] XSS | Cross-site Scripting (XSS) - Generic | bogdantcaciuc | Issue was not triaged; Time to close: 0 Days and 21 hours | Resolved |
| No rating | Stored xss | Cross-site Scripting (XSS) - Generic | sysecure | Time to triage: 0 Days and 3 hours; Time to close: 0 Days and 1 hours | Resolved |
| No rating | Stored XSS in name selection | Cross-site Scripting (XSS) - Generic | dly | Issue was not triaged; Time to close: 37 Days and 7 hours | Resolved |
| No rating | PHP version disclosed on blog.algolia.com | Information Disclosure | bugs3ra | Issue was not triaged; Time to close: 0 Days and 14 hours | Resolved |
| No rating | API Key added for one Indices works for all other indices too. | Improper Authentication - Generic | bugs3ra | Time to triage: 3 Days and 2 hours; Time to close: 0 Days and 18 hours | Resolved |