Reports in duckduckgo program: S.No Title Bounty 1 SSRF in proxy.duckduckgo.com via the image_host parameter $0.0 2 SSRF on duckduckgo.com/iu/ $0.0 3 DOM XSS on 50x.html page $0.0 4 SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS) $0.0 5 DOM XSS on 50x.html page on proxy.duckduckgo.com $0.0 6 XXE on https://duckduckgo.com $0.0 7 Partial bypass of #483774 with Blind XXE on https://duckduckgo.com $0.0 8 DOM XSS on duckduckgo.com search $0.0 9 DOM XSS on duckduckgo.com search $0.0 10 XSS on Videos IA $0.0 11 DOM XSS on duckduckgo.com search $0.0 12 Reflected/Stored XSS on duckduckgo.com $0.0 13 com.duckduckgo.mobile.android - Cache corruption $0.0 14 XSS in Subdomain of DuckDuckGo $0.0