DuckDuckGo Program Statistics


13 total issues disclosed

$0 total paid publicly

Most disclosed (3 disclosures) — Cross-site Scripting (XSS) - DOM



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| com.duckduckgo.mobile.android - Cache corruption | Business Logic Errors | webklex | Medium | 2021-09-26 |
| Reflected/Stored XSS on duckduckgo.com | Cross-site Scripting (XSS) - Reflected | monke | High | 2021-04-10 |
| DOM XSS on duckduckgo.com search | Cross-site Scripting (XSS) - DOM | sijisu | Medium | 2020-08-20 |
| XSS on Videos IA | Cross-site Scripting (XSS) - Stored | capuzsec | Medium | 2020-07-31 |
| DOM XSS on duckduckgo.com search | Cross-site Scripting (XSS) - Reflected | cujanovic | Medium | 2020-06-26 |
| DOM XSS on duckduckgo.com search | None supplied | cujanovic | High | 2020-06-14 |
| Partial bypass of #483774 with Blind XXE on https://duckduckgo.com | XML External Entities (XXE) | mik317 | High | 2019-02-25 |
| XXE on https://duckduckgo.com | XML External Entities (XXE) | mik317 | Critical | 2019-01-31 |
| DOM XSS on 50x.html page on proxy.duckduckgo.com | Cross-site Scripting (XSS) - DOM | smither | High | 2018-11-07 |
| SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS) | None supplied | cujanovic | Critical | 2018-10-31 |
| DOM XSS on 50x.html page | Cross-site Scripting (XSS) - DOM | cujanovic | High | 2018-10-16 |
| SSRF on duckduckgo.com/iu/ | Server-Side Request Forgery (SSRF) | d0nut | High | 2018-09-09 |
| SSRF in proxy.duckduckgo.com via the image_host parameter | Server-Side Request Forgery (SSRF) | fpatrik | High | 2018-08-15 |