[{"id":286728,"username":"edoverflow","team_handle":"gratipay","team_name":"Gratipay","title":"Saying goodbye to HackerOne and Gratipay.","substate":"resolved","disclosed_at":"2017-11-02T21:08:48.437Z","bounty":0.0},{"id":284811,"username":"thebugguy","team_handle":"gratipay","team_name":"Gratipay","title":"Reflected SQL Execution","substate":"spam","disclosed_at":"2017-10-31T14:47:59.150Z"},{"id":284807,"username":"b6d1c05a07d5e281f83043b","team_handle":"gratipay","team_name":"Gratipay","title":"i am The bug","substate":"spam","disclosed_at":"2017-10-31T14:28:01.514Z"},{"id":283951,"username":"haxorgirl","team_handle":"gratipay","team_name":"Gratipay","title":"Bypassing X-frame options ","substate":"not-applicable","disclosed_at":"2017-10-29T21:18:27.161Z"},{"id":279351,"username":"mehmil","team_handle":"gratipay","team_name":"Gratipay","title":"Broken link for stale DNS entry may be leveraged for Phishing, Misinformation, Serving Malware","substate":"informative","disclosed_at":"2017-10-18T15:34:24.860Z","bounty":0.0},{"id":273647,"username":"sandeepl337","team_handle":"gratipay","team_name":"Gratipay","title":"Adding Used Primary Email Address to attacker account and Account takeover","substate":"informative","disclosed_at":"2017-10-05T14:38:00.608Z","bounty":0.0},{"id":267212,"username":"nihaddl","team_handle":"gratipay","team_name":"Gratipay","title":"400 Bad Request [Use a third-party provider to sign in or create an account on Gratipay]","substate":"not-applicable","disclosed_at":"2017-09-09T17:23:03.783Z"},{"id":267189,"username":"nihaddl","team_handle":"gratipay","team_name":"Gratipay","title":"clickjacking on https://gratipay.com/on/npm/[text]","substate":"informative","disclosed_at":"2017-09-09T13:55:11.030Z"},{"id":262852,"username":"tungpun","team_handle":"gratipay","team_name":"Gratipay","title":"Reflected XSS - gratipay.com","substate":"resolved","disclosed_at":"2017-08-24T23:01:51.105Z","bounty":0.0},{"id":262620,"username":"sp4rrow","team_handle":"gratipay","team_name":"Gratipay","title":"Gratipay rails secret token (secret_key_base) publicly exposed in GitHub","substate":"resolved","disclosed_at":"2017-08-23T17:04:45.686Z"},{"id":262088,"username":"test99767","team_handle":"gratipay","team_name":"Gratipay","title":"Show hide privacy giving receiving on my website ","substate":"informative","disclosed_at":"2017-09-09T17:23:33.680Z"},{"id":262005,"username":"behzad900","team_handle":"gratipay","team_name":"Gratipay","title":"xss ","substate":"not-applicable","disclosed_at":"2017-08-21T18:04:46.069Z"},{"id":261706,"username":"theendisnear","team_handle":"gratipay","team_name":"Gratipay","title":"Missing Certificate Authority Authorization rule","substate":"duplicate","disclosed_at":"2017-09-09T17:23:46.490Z"},{"id":260928,"username":"gujjuboy10x00","team_handle":"gratipay","team_name":"Gratipay","title":"Missing Certificate Authority Authorization rule","substate":"informative","disclosed_at":"2017-09-09T17:23:54.834Z"},{"id":257331,"username":"anshad","team_handle":"gratipay","team_name":"Gratipay","title":"Sub domain take over in gratipay.com","substate":"informative","disclosed_at":"2017-08-08T16:04:50.362Z"},{"id":248037,"username":"lozsec","team_handle":"gratipay","team_name":"Gratipay","title":"SQL TEST","substate":"not-applicable","disclosed_at":"2017-07-11T11:01:12.565Z"},{"id":247700,"username":"edoverflow","team_handle":"gratipay","team_name":"Gratipay","title":"Application-level DoS on image's \"size\" parameter.","substate":"resolved","disclosed_at":"2017-11-02T19:16:20.811Z","bounty":0.0},{"id":245762,"username":"tanvi07","team_handle":"gratipay","team_name":"Gratipay","title":"self cross site scripting","substate":"informative","disclosed_at":"2017-07-10T09:50:38.877Z","bounty":0.0},{"id":244070,"username":"mkd1r","team_handle":"gratipay","team_name":"Gratipay","title":"SSl Weak Ciphers","substate":"duplicate","disclosed_at":"2017-07-10T09:58:33.536Z"},{"id":242622,"username":"mr_unknown","team_handle":"gratipay","team_name":"Gratipay","title":"Possible User Session Hijack using Invalid HTTPS certificate on inside.gratipay.com domain","substate":"not-applicable","disclosed_at":"2017-06-24T14:00:56.967Z"},{"id":241892,"username":"b3nac","team_handle":"gratipay","team_name":"Gratipay","title":"Possible user session hijack by invalid HTTPS certificate on inside.gratipay.com domain","substate":"duplicate","disclosed_at":"2017-06-21T14:30:21.715Z"},{"id":241341,"username":"4w3","team_handle":"gratipay","team_name":"Gratipay","title":"CSP Policy Bypass and javascript execution Still Not Fixed","substate":"duplicate","disclosed_at":"2017-06-19T15:19:40.416Z"},{"id":241192,"username":"athuljayaram","team_handle":"gratipay","team_name":"Gratipay","title":"CSP Policy Bypass and javascript execution","substate":"duplicate","disclosed_at":"2017-06-18T17:40:27.286Z"},{"id":240987,"username":"tangina","team_handle":"gratipay","team_name":"Gratipay","title":"Email Spoofing","substate":"duplicate","disclosed_at":"2017-06-17T12:02:48.480Z"},{"id":231510,"username":"smziaurrashid","team_handle":"gratipay","team_name":"Gratipay","title":"Gratipay Website CSP \"script-scr\" includes \"unsafe-inline\"","substate":"informative","disclosed_at":"2017-05-25T14:58:39.121Z"},{"id":231086,"username":"d4rk_g1rl","team_handle":"gratipay","team_name":"Gratipay","title":"CSP \"script-src\" includes \"unsafe-inline\" in https://gratipay.com","substate":"informative","disclosed_at":"2017-07-10T09:59:44.036Z","bounty":0.0},{"id":226648,"username":"7h0r4pp4n","team_handle":"gratipay","team_name":"Gratipay","title":"Unauthorized access to the slack channel via inside.gratipay.com/appendices/chat","substate":"informative","disclosed_at":"2017-05-09T13:41:58.518Z","bounty":0.0},{"id":221133,"username":"b3nac","team_handle":"gratipay","team_name":"Gratipay","title":"Sub Domain Takeover","substate":"resolved","disclosed_at":"2017-10-24T16:13:22.787Z"},{"id":219601,"username":"sp1d3rs","team_handle":"gratipay","team_name":"Gratipay","title":"Transferring incorrect data to the http://gip.rocks/v1 endpoint with correct Content-Type leads to local paths disclosure through the error message","substate":"duplicate","disclosed_at":"2017-04-08T19:30:14.931Z"},{"id":219499,"username":"wazehell","team_handle":"gratipay","team_name":"Gratipay","title":"POODLE SSLv3.0","substate":"informative","disclosed_at":"2017-04-09T09:05:38.371Z"},{"id":219323,"username":"edoverflow","team_handle":"gratipay","team_name":"Gratipay","title":"CSV injection in gratipay.com via payment history export feature.","substate":"resolved","disclosed_at":"2017-11-03T07:55:04.511Z","bounty":0.0},{"id":214449,"username":"edoverflow","team_handle":"gratipay","team_name":"Gratipay","title":"Content-Length restriction bypass to heap overflow in gip.rocks.","substate":"resolved","disclosed_at":"2017-03-20T20:17:36.903Z","bounty":0.0},{"id":211149,"username":"mhashim29","team_handle":"gratipay","team_name":"Gratipay","title":"Inadequate/dangerous jQuery behavior","substate":"resolved","disclosed_at":"2017-04-05T19:54:51.888Z"},{"id":209821,"username":"ant_pyne","team_handle":"gratipay","team_name":"Gratipay","title":"URL Given leading to end users ending up in malicious sites","substate":"informative","disclosed_at":"2017-03-01T22:15:49.827Z","bounty":0.0},{"id":203409,"username":"a0xnirudh","team_handle":"gratipay","team_name":"Gratipay","title":"HTTP trace method is enabled on aspen.io","substate":"resolved","disclosed_at":"2017-03-31T14:49:55.376Z"},{"id":203388,"username":"a0xnirudh","team_handle":"gratipay","team_name":"Gratipay","title":"Content length restriction bypass can lead to DOS by reading large files on gip.rocks","substate":"resolved","disclosed_at":"2017-03-31T14:50:05.910Z"},{"id":203384,"username":"a0xnirudh","team_handle":"gratipay","team_name":"Gratipay","title":"HTTP trace method is enabled on gip.rocks","substate":"resolved","disclosed_at":"2017-04-08T11:06:44.196Z"},{"id":193556,"username":"aa23","team_handle":"gratipay","team_name":"Gratipay","title":"Session Fixation At Logout /Session Misconfiguration","substate":"informative","disclosed_at":"2016-12-29T21:19:54.116Z"},{"id":192986,"username":"aa23","team_handle":"gratipay","team_name":"Gratipay","title":"User Enumeration","substate":"informative","disclosed_at":"2016-12-27T13:17:26.609Z"},{"id":190964,"username":"lulliii","team_handle":"gratipay","team_name":"Gratipay","title":"Content type incorrectly stated","substate":"informative","disclosed_at":"2016-12-27T13:41:07.695Z"},{"id":190373,"username":"edoverflow","team_handle":"gratipay","team_name":"Gratipay","title":"Gratipay uses the random module's cryptographically insecure PRNG.","substate":"informative","disclosed_at":"2016-12-12T17:07:22.677Z","bounty":0.0},{"id":190194,"username":"lulliii","team_handle":"gratipay","team_name":"Gratipay","title":"Cookie HttpOnly Flag Not Set ","substate":"duplicate","disclosed_at":"2016-12-29T21:17:06.554Z"},{"id":190015,"username":"lulliii","team_handle":"gratipay","team_name":"Gratipay","title":"Certificate signed using SHA-1","substate":"duplicate","disclosed_at":"2016-12-29T21:17:35.070Z"},{"id":185835,"username":"lulliii","team_handle":"gratipay","team_name":"Gratipay","title":"Secure Pages Include Mixed Content","substate":"duplicate","disclosed_at":"2016-12-29T21:17:57.596Z"},{"id":185833,"username":"lulliii","team_handle":"gratipay","team_name":"Gratipay","title":"Incomplete or No Cache-control and Pragma HTTP Header Set","substate":"resolved","disclosed_at":"2017-03-17T19:01:10.112Z"},{"id":174228,"username":"promx","team_handle":"gratipay","team_name":"Gratipay","title":"CSRF csrftoken in cookies","substate":"informative","disclosed_at":"2016-12-07T21:18:09.022Z"},{"id":164922,"username":"arslan1337","team_handle":"gratipay","team_name":"Gratipay","title":"XSS found In Your Web","substate":"informative","disclosed_at":"2017-10-01T12:39:49.921Z"},{"id":163949,"username":"akash_9021","team_handle":"gratipay","team_name":"Gratipay","title":"Username Restriction is not applied for reserved folders","substate":"informative","disclosed_at":"2016-12-30T07:46:36.420Z"},{"id":163904,"username":"akash_9021","team_handle":"gratipay","team_name":"Gratipay","title":"Username can be used to trick the victim on the name of www.gratipay.com","substate":"informative","disclosed_at":"2016-12-30T07:47:33.396Z"},{"id":163815,"username":"yodha","team_handle":"gratipay","team_name":"Gratipay","title":"Lack of CSRF token validation at server side","substate":"informative","disclosed_at":"2017-07-10T10:00:17.097Z","bounty":0.0},{"id":163812,"username":"yodha","team_handle":"gratipay","team_name":"Gratipay","title":"Insecure Transportation Security Protocol Supported (TLS 1.0)","substate":"informative","disclosed_at":"2017-07-10T09:58:26.373Z","bounty":0.0},{"id":162336,"username":"karthic","team_handle":"gratipay","team_name":"Gratipay","title":"x-xss protection header is not set in response header","substate":"informative","disclosed_at":"2017-07-10T10:01:10.078Z"},{"id":162120,"username":"muhaddix","team_handle":"gratipay","team_name":"Gratipay","title":"Cross Site Scripting In Profile Statement ","substate":"informative","disclosed_at":"2016-08-23T08:16:42.186Z","bounty":0.0},{"id":161935,"username":"karthic","team_handle":"gratipay","team_name":"Gratipay","title":"Usernames ending in .json are not restricted","substate":"informative","disclosed_at":"2017-07-10T10:03:36.541Z"},{"id":161918,"username":"i1ackerone","team_handle":"gratipay","team_name":"Gratipay","title":"Reset Link Issue","substate":"not-applicable","disclosed_at":"2016-08-30T00:03:49.508Z"},{"id":161621,"username":"exception","team_handle":"gratipay","team_name":"Gratipay","title":"XSS Via Method injection","substate":"informative","disclosed_at":"2016-09-01T11:43:56.356Z"},{"id":158482,"username":"aaron_costello","team_handle":"gratipay","team_name":"Gratipay","title":"Host Header poisoning on gratipay.com","substate":"duplicate","disclosed_at":"2017-08-21T13:32:31.677Z"},{"id":157563,"username":"akanshaminti","team_handle":"gratipay","team_name":"Gratipay","title":"Cookie:HttpOnly Flag not set","substate":"duplicate","disclosed_at":"2016-08-08T15:00:38.071Z","bounty":0.0},{"id":157507,"username":"footstep","team_handle":"gratipay","team_name":"Gratipay","title":"nginx version disclosure on downloads.gratipay.com","substate":"informative","disclosed_at":"2017-05-18T08:01:03.736Z"},{"id":157465,"username":"footstep","team_handle":"gratipay","team_name":"Gratipay","title":"Host Header Injection/Redirection Attack","substate":"not-applicable","disclosed_at":"2016-08-07T23:06:12.949Z"},{"id":156542,"username":"s_p_q_r","team_handle":"gratipay","team_name":"Gratipay","title":"Avoid \"resend verification email\" confusion","substate":"resolved","disclosed_at":"2017-03-20T17:07:44.516Z","bounty":1.0},{"id":154921,"username":"ahsan","team_handle":"gratipay","team_name":"Gratipay","title":"Content Spoofing/Text Injection ","substate":"resolved","disclosed_at":"2016-08-07T17:12:29.676Z","bounty":1.0},{"id":152834,"username":"ahsan","team_handle":"gratipay","team_name":"Gratipay","title":"[gratipay.com] Cross Site Tracing","substate":"informative","disclosed_at":"2017-08-21T13:32:01.664Z","bounty":0.0},{"id":152477,"username":"sh4dow","team_handle":"gratipay","team_name":"Gratipay","title":"Username .. (double dot) should be restricted or handled carefully","substate":"informative","disclosed_at":"2016-07-20T13:46:30.099Z"},{"id":151831,"username":"roshanpty","team_handle":"gratipay","team_name":"Gratipay","title":"User Supplied links on profile page is not validated and redirected via gratipay.","substate":"duplicate","disclosed_at":"2016-07-24T09:01:14.578Z","bounty":0.0},{"id":151827,"username":"roshanpty","team_handle":"gratipay","team_name":"Gratipay","title":"The contribution save option seem to be vulnerable to CSRF","substate":"informative","disclosed_at":"2016-07-17T15:14:38.881Z","bounty":0.0},{"id":151302,"username":"ahsan","team_handle":"gratipay","team_name":"Gratipay","title":"don't leak Server version for assets.gratipay.com","substate":"duplicate","disclosed_at":"2017-08-21T13:31:18.820Z","bounty":0.0},{"id":151295,"username":"zuh4n","team_handle":"gratipay","team_name":"Gratipay","title":"don't allow directory browsing on grtp.co","substate":"informative","disclosed_at":"2016-07-14T10:21:59.231Z","bounty":0.0},{"id":151165,"username":"hunter012","team_handle":"gratipay","team_name":"Gratipay","title":"This is a test report","substate":"not-applicable","disclosed_at":"2017-07-11T17:59:14.668Z","bounty":0.0},{"id":150917,"username":"thezawad","team_handle":"gratipay","team_name":"Gratipay","title":"prevent null bytes in email field","substate":"informative","disclosed_at":"2016-07-13T03:00:25.610Z"},{"id":149710,"username":"japz","team_handle":"gratipay","team_name":"Gratipay","title":"don't leak Server version for assets.gratipay.com","substate":"informative","disclosed_at":"2016-07-11T10:13:39.008Z","bounty":0.0},{"id":145207,"username":"hassanjawaid","team_handle":"gratipay","team_name":"Gratipay","title":"set Expires header","substate":"not-applicable","disclosed_at":"2017-08-21T13:30:33.252Z"},{"id":145206,"username":"hassanjawaid","team_handle":"gratipay","team_name":"Gratipay","title":"set Pragma header","substate":"not-applicable","disclosed_at":"2017-09-09T17:24:14.089Z"},{"id":143139,"username":"valievkarim","team_handle":"gratipay","team_name":"Gratipay","title":"upgrade Aspen on inside.gratipay.com to pick up CR injection fix","substate":"resolved","disclosed_at":"2017-03-22T22:31:09.767Z","bounty":40.0},{"id":140432,"username":"paulos__","team_handle":"gratipay","team_name":"Gratipay","title":"configure a redirect URI for Facebook OAuth","substate":"resolved","disclosed_at":"2016-06-17T06:42:09.412Z","bounty":10.0},{"id":140377,"username":"0x0ameer","team_handle":"gratipay","team_name":"Gratipay","title":"don't store CSRF tokens in cookies","substate":"informative","disclosed_at":"2016-06-16T15:25:14.224Z"},{"id":138659,"username":"tbehroz","team_handle":"gratipay","team_name":"Gratipay","title":"don't expose path of Python ","substate":"informative","disclosed_at":"2016-05-13T20:49:41.685Z","bounty":0.0},{"id":136720,"username":"dotnick","team_handle":"gratipay","team_name":"Gratipay","title":"don't leak server version of grtp.co in error pages","substate":"resolved","disclosed_at":"2016-07-14T05:36:47.385Z"},{"id":131452,"username":"sondash128","team_handle":"gratipay","team_name":"Gratipay","title":"PHP 5.4.45 is Outdated and Full of Preformance Interupting Arbitrary Code Execution Bugs","substate":"not-applicable","disclosed_at":"2017-08-21T13:29:40.785Z"},{"id":131065,"username":"mmyamin","team_handle":"gratipay","team_name":"Gratipay","title":"bring grtp.co up to A grade on SSLLabs","substate":"resolved","disclosed_at":"2016-08-13T22:03:09.890Z","bounty":1.0},{"id":131053,"username":"drstache","team_handle":"gratipay","team_name":"Gratipay","title":"Submit a non valid syntax email","substate":"informative","disclosed_at":"2017-08-21T13:28:04.878Z"},{"id":131047,"username":"drstache","team_handle":"gratipay","team_name":"Gratipay","title":"Possible Blind SQL injection | Language choice in presentation","substate":"informative","disclosed_at":"2017-08-21T13:29:04.985Z"},{"id":129209,"username":"lilly","team_handle":"gratipay","team_name":"Gratipay","title":"After removing app from facebook app session not expiring.","substate":"duplicate","disclosed_at":"2017-08-21T13:33:08.401Z"},{"id":128910,"username":"007divyachawla","team_handle":"gratipay","team_name":"Gratipay","title":"prevent %2f spoofed URLs in profile statement","substate":"informative","disclosed_at":"2017-08-21T13:30:11.505Z"},{"id":128856,"username":"hharry","team_handle":"gratipay","team_name":"Gratipay","title":"Send email asynchronously","substate":"resolved","disclosed_at":"2017-03-17T17:58:17.878Z","bounty":10.0},{"id":128764,"username":"ahmed_abdalla","team_handle":"gratipay","team_name":"Gratipay","title":"text injection in website title","substate":"informative","disclosed_at":"2016-04-30T23:10:29.367Z","bounty":0.0},{"id":128121,"username":"a5tronaut","team_handle":"gratipay","team_name":"Gratipay","title":"fix bug in username restriction","substate":"resolved","disclosed_at":"2016-08-20T05:41:10.981Z"},{"id":128041,"username":"niputiwari","team_handle":"gratipay","team_name":"Gratipay","title":"Getting Error Message and in use python version 2.7 is exposed.","substate":"informative","disclosed_at":"2016-04-05T19:36:41.425Z"},{"id":128035,"username":"niputiwari","team_handle":"gratipay","team_name":"Gratipay","title":"An adversary can harvest email address for spamming.","substate":"informative","disclosed_at":"2016-04-05T19:04:06.160Z"},{"id":127995,"username":"jaypatel","team_handle":"gratipay","team_name":"Gratipay","title":"Limit email address length","substate":"resolved","disclosed_at":"2017-03-18T04:47:07.909Z"},{"id":126010,"username":"a5tronaut","team_handle":"gratipay","team_name":"Gratipay","title":"prevent content spoofing on /~username/emails/verify.html","substate":"duplicate","disclosed_at":"2017-07-10T09:59:30.350Z"},{"id":124976,"username":"ashesh","team_handle":"gratipay","team_name":"Gratipay","title":"Hijacking user session by forcing the use of  invalid HTTPs Certificate on images.gratipay.com","substate":"resolved","disclosed_at":"2016-04-01T16:34:06.349Z"},{"id":123900,"username":"kuskumar","team_handle":"gratipay","team_name":"Gratipay","title":"csrf_token cookie don't have the flag \"HttpOnly\"","substate":"informative","disclosed_at":"2016-08-14T18:17:57.290Z"},{"id":123897,"username":"trabajoduro","team_handle":"gratipay","team_name":"Gratipay","title":"auto-logout after 20 minutes","substate":"informative","disclosed_at":"2016-08-23T16:06:47.067Z"},{"id":123849,"username":"staytuned","team_handle":"gratipay","team_name":"Gratipay","title":"Cookie Does Not Contain The \"secure\" Attribute","substate":"resolved","disclosed_at":"2016-04-02T05:01:51.629Z"},{"id":123782,"username":"trabajoduro","team_handle":"gratipay","team_name":"Gratipay","title":"Vulnerable to clickjacking","substate":"informative","disclosed_at":"2016-05-13T09:24:41.615Z"},{"id":123742,"username":"caffeine","team_handle":"gratipay","team_name":"Gratipay","title":"suppress version in Server header on gratipay.com or grtp.co","substate":"resolved","disclosed_at":"2016-07-14T16:31:42.608Z","bounty":1.0},{"id":120026,"username":"jsshen","team_handle":"gratipay","team_name":"Gratipay","title":"don't serve hidden files from Nginx","substate":"resolved","disclosed_at":"2016-07-13T02:32:04.171Z","bounty":1.0},{"id":118033,"username":"bugdiscloseguys","team_handle":"gratipay","team_name":"Gratipay","title":"X-Content-Type Header Missing For aspen.io","substate":"informative","disclosed_at":"2017-06-15T16:42:18.413Z","bounty":0.0},{"id":117739,"username":"hogarth45","team_handle":"gratipay","team_name":"Gratipay","title":"limit number of images in statement","substate":"resolved","disclosed_at":"2017-06-16T13:55:05.733Z","bounty":1.0},{"id":117458,"username":"ashish_r_padelkar","team_handle":"gratipay","team_name":"Gratipay","title":"strengthen Diffie-Hellman (DH) key exchange parameters in grtp.co","substate":"resolved","disclosed_at":"2016-07-14T16:34:39.966Z"},{"id":117330,"username":"secbughunter","team_handle":"gratipay","team_name":"Gratipay","title":"stop serving grtp.co over HTTP","substate":"resolved","disclosed_at":"2016-07-15T05:15:09.545Z","bounty":1.0},{"id":117325,"username":"paresh_parmar","team_handle":"gratipay","team_name":"Gratipay","title":"DMARC is misconfigured for grtp.co","substate":"resolved","disclosed_at":"2016-04-02T18:46:08.773Z","bounty":10.0},{"id":117195,"username":"diffender23","team_handle":"gratipay","team_name":"Gratipay","title":"Login csrf.","substate":"not-applicable","disclosed_at":"2017-08-21T13:29:29.202Z"},{"id":117187,"username":"ishahriyar","team_handle":"gratipay","team_name":"Gratipay","title":"Prevent content spoofing on /~username/emails/verify.html","substate":"resolved","disclosed_at":"2017-06-16T06:32:21.346Z"},{"id":117159,"username":"nullboy","team_handle":"gratipay","team_name":"Gratipay","title":"SPF/DKIM/DMARC for aspen.io","substate":"resolved","disclosed_at":"2016-03-19T21:43:20.574Z"},{"id":117149,"username":"kiraak-boy","team_handle":"gratipay","team_name":"Gratipay","title":"SPF/DKIM/DMARC for grtp.co","substate":"resolved","disclosed_at":"2016-02-18T23:47:38.963Z"},{"id":117142,"username":"jackds","team_handle":"gratipay","team_name":"Gratipay","title":"limit HTTP methods on other domains","substate":"resolved","disclosed_at":"2016-07-19T20:08:50.321Z"},{"id":117097,"username":"bugdiscloseguys","team_handle":"gratipay","team_name":"Gratipay","title":"Email Forgery through Mandrillapp SPF","substate":"resolved","disclosed_at":"2016-03-19T19:16:58.197Z","bounty":10.0},{"id":116973,"username":"bugdiscloseguys","team_handle":"gratipay","team_name":"Gratipay","title":"No Valid SPF Records.","substate":"resolved","disclosed_at":"2016-02-18T11:03:24.600Z","bounty":10.0},{"id":116774,"username":"anmon","team_handle":"gratipay","team_name":"Gratipay","title":"UDP port 5060 (SIP) Open","substate":"informative","disclosed_at":"2016-02-16T19:44:27.558Z"},{"id":116621,"username":"bulla","team_handle":"gratipay","team_name":"Gratipay","title":"server calendar and server status available to public","substate":"informative","disclosed_at":"2016-02-20T12:12:30.378Z","bounty":0.0},{"id":116618,"username":"bulla","team_handle":"gratipay","team_name":"Gratipay","title":"proxy port 7000 and shell port 514 not filtered","substate":"informative","disclosed_at":"2016-02-20T12:12:01.196Z","bounty":0.0},{"id":116512,"username":"ru94mb","team_handle":"gratipay","team_name":"Gratipay","title":"Markdown parsing issue enables insertion of malicious tags","substate":"informative","disclosed_at":"2017-08-21T13:28:46.303Z"},{"id":116360,"username":"anonymous_ftpuser","team_handle":"gratipay","team_name":"Gratipay","title":"The POODLE attack (SSLv3 supported) for https://grtp.co/","substate":"resolved","disclosed_at":"2016-03-16T16:55:45.086Z"},{"id":116352,"username":"anonymous_ftpuser","team_handle":"gratipay","team_name":"Gratipay","title":"nginx SPDY heap buffer overflow for https://grtp.co/","substate":"informative","disclosed_at":"2016-02-15T22:07:20.090Z"},{"id":115284,"username":"1shahzaib1","team_handle":"gratipay","team_name":"Gratipay","title":"prevent content spoofing on /search","substate":"resolved","disclosed_at":"2016-04-06T15:14:49.722Z"},{"id":115275,"username":"1shahzaib1","team_handle":"gratipay","team_name":"Gratipay","title":"SPF DNS Record ","substate":"resolved","disclosed_at":"2016-03-15T03:19:25.043Z"},{"id":112687,"username":"prince","team_handle":"gratipay","team_name":"Gratipay","title":"grtp.co is vulnerable to http-vuln-cve2011-3192","substate":"informative","disclosed_at":"2016-02-12T13:41:33.456Z"},{"id":111078,"username":"ketan_patil","team_handle":"gratipay","team_name":"Gratipay","title":"Sub Domain Take over","substate":"resolved","disclosed_at":"2016-02-28T18:55:19.827Z"},{"id":109161,"username":"atom","team_handle":"gratipay","team_name":"Gratipay","title":"protect against tabnabbing in statement","substate":"resolved","disclosed_at":"2017-10-01T12:39:17.527Z"},{"id":109116,"username":"atom","team_handle":"gratipay","team_name":"Gratipay","title":"Directory Listing on grtp.co","substate":"informative","disclosed_at":"2017-08-21T13:27:39.217Z"},{"id":109054,"username":"a0xnirudh","team_handle":"gratipay","team_name":"Gratipay","title":"HTTP trace method is enabled","substate":"resolved","disclosed_at":"2016-02-17T16:14:14.212Z"},{"id":108645,"username":"whit537","team_handle":"gratipay","team_name":"Gratipay","title":"Harden resend throttling","substate":"resolved","disclosed_at":"2017-04-16T17:42:44.511Z"},{"id":93157,"username":"lovepakistan","team_handle":"gratipay","team_name":"Gratipay","title":"SPF Protection not used, I can hijack your email server","substate":"informative","disclosed_at":"2017-08-08T16:07:59.034Z"},{"id":90805,"username":"whit537","team_handle":"gratipay","team_name":"Gratipay","title":"change bank account numbers","substate":"resolved","disclosed_at":"2017-06-12T18:03:20.833Z"},{"id":90778,"username":"sherlock_","team_handle":"gratipay","team_name":"Gratipay","title":"implement a cross-domain policy for Adobe products","substate":"not-applicable","disclosed_at":"2016-06-17T18:50:35.562Z"},{"id":87531,"username":"hussein98d","team_handle":"gratipay","team_name":"Gratipay","title":"Mail spaming","substate":"resolved","disclosed_at":"2016-01-06T08:54:06.129Z","bounty":20.0},{"id":84740,"username":"ibram","team_handle":"gratipay","team_name":"Gratipay","title":"Stored XSS On Statement","substate":"resolved","disclosed_at":"2015-09-03T16:00:59.165Z"},{"id":84287,"username":"ashesh","team_handle":"gratipay","team_name":"Gratipay","title":"DKIM records not present, Email Hijacking is possible","substate":"resolved","disclosed_at":"2015-09-23T19:52:19.182Z"},{"id":81701,"username":"deleted","team_handle":"gratipay","team_name":"Gratipay","title":"Possible SQL injection on \"Jump to twitter\"","substate":"resolved","disclosed_at":"2016-03-21T02:41:05.176Z"},{"id":80883,"username":"faisalahmed","team_handle":"gratipay","team_name":"Gratipay","title":"Authentication errors in server side validaton of E-MAIL","substate":"informative","disclosed_at":"2015-08-10T13:26:24.963Z","bounty":0.0},{"id":79552,"username":"bobrov","team_handle":"gratipay","team_name":"Gratipay","title":"[gratipay.com] CRLF Injection","substate":"resolved","disclosed_at":"2015-08-20T10:24:29.252Z","bounty":40.0},{"id":76307,"username":"ashesh","team_handle":"gratipay","team_name":"Gratipay","title":"Self XSS Protection not used , I can trick users to insert JavaScript","substate":"resolved","disclosed_at":"2015-09-11T17:15:54.408Z"},{"id":76303,"username":"hammad","team_handle":"gratipay","team_name":"Gratipay","title":"weak ssl cipher suites","substate":"resolved","disclosed_at":"2015-09-13T16:41:44.657Z"}]