Reports in algolia program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | RCE on facebooksearch.algolia.com | $500.0 |
| 2 | Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed. | $400.0 |
| 3 | Web Cache Deception vulnerability on algolia.com leads to personal information leakage | $400.0 |
| 4 | No Rate Limit In Inviting Similar Contact Multiple Times | $100.0 |
| 5 | Hyperlink Injection in Friend Invitation Emails | $100.0 |
| 6 | [github.algolia.com] DOM Based XSS github-btn.html | $100.0 |
| 7 | An “algobot”-s GitHub access token was leaked | $100.0 |
| 8 | [github.algolia.com] XSS | $0.0 |
| 9 | Stored XSS triggered by json key during UI generation | $0.0 |
| 10 | Stored XSS from Display Settings triggered on Save and viewing realtime search demo | $0.0 |
| 11 | Stored xss | $0.0 |
| 12 | Possilbe Sub Domain takever at prestashop.algolia.com | $0.0 |
| 13 | 2-factor authentication bypass | $0.0 |
| 14 | Reflected XSS | $0.0 |
| 15 | No rate limit for Referral Program | $0.0 |
| 16 | [GitHub Extension] Unsanitised HTML leading to XSS on GitHub.com | $0.0 |
| 17 | SAUCE Access_key and User_name leaked in Travis CI build logs | $0.0 |
| 18 | Text injection on status.algolia.com | $0.0 |
| 19 | Directory traversal at https://msg.algolia.com | $0.0 |
| 20 | Web Cache Deception Attack (XSS) | $0.0 |
| 21 | subdomain take over at recommendation.algolia.com | $0.0 |
| 22 | email verification bypass | $0.0 |
| 23 | Information disclosure via a misconfigured third-party product | $0.0 |
| 24 | PHP-FPM status page disclosure | $0.0 |
| 25 | Information disclosure -> 2fa bypass -> POST exploitation | $0.0 |