Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| None | Slack Token exposed over internet (Github) | Cleartext Storage of Sensitive Information | sanjogpanda | Issue was not triaged; Time to close: 8 Days and 3 hours | |
| Critical | Broken access control on apps | Improper Access Control - Generic | theappsec | Time to triage: 7 Days and 6 hours; Time to close: 0 Days and 0 hours | |
| No rating | Blind XSS in the registration email | Cross-site Scripting (XSS) - Stored | edoverflow | Time to triage: 15 Days and 19 hours; Time to close: 25 Days and 3 hours | |
| Medium | XSS (stored) Wizard is saving executable code | Cross-site Scripting (XSS) - Stored | 24nitin | Time to triage: 12 Days and 1 hours; Time to close: 23 Days and 0 hours | |
| High | Remote Code Execution in Rocket.Chat Desktop | Code Injection | mattaustin | Time to triage: 0 Days and 7 hours; Time to close: 218 Days and 23 hours | |
| Medium | Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat's installation script. | Code Injection | edoverflow | Time to triage: 2 Days and 20 hours; Time to close: 0 Days and 0 hours | |