DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f) | Denial of Service | lynx_vn | Medium | 2021-09-24 |
Webview address bar spoofing in LINE client for iOS | Phishing | reinforchu | Low | 2021-09-15 |
Theft of arbitrary files in LINE Lite client for Android | Improper Access Control - Generic | hulkvision_ | Medium | 2021-07-06 |
Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry | Code Injection | alexbirsan | Critical | 2021-07-05 |
Webview in LINE client for iOS will render application/octet-stream files as HTML | Improper Access Control - Generic | s5s | Medium | 2021-07-05 |
Path traversal in ZIP extract routine on LINE Android | Path Traversal | kanytu | Medium | 2020-11-17 |
Improper Access Control in LINE Timeline API that returns a list of hidden friends | Improper Access Control - Generic | 66ed3gs | Medium | 2020-11-17 |
CORS misconfiguration leads to users information disclosure at https://studyroom.line.me | Information Disclosure | dhbd88 | Medium | 2020-11-13 |
Spring Actuator endpoints publicly available and broken authentication | Misconfiguration | kazan71p | Critical | 2020-08-06 |
Spring Actuator endpoints publicly available and broken authentication | Misconfiguration | kazan71p | Critical | 2020-08-06 |
Spring Actuator endpoints publicly available, leading to account takeover | Misconfiguration | kazan71p | Critical | 2020-08-04 |
Insufficient access control on all BCRM instances leading to the ability to create admin accounts using the API | Improper Access Control - Generic | j0eii | High | 2020-08-03 |
Insufficient access control on all BCRM instances leading to the ability to create admin accounts using the API | Improper Access Control - Generic | j0eii | High | 2020-08-03 |
Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form | Server-Side Request Forgery (SSRF) | ledz1996 | Medium | 2020-08-02 |
Path traversal in filename in LINE Mac client | Path Traversal | hackerontwowheels | High | 2020-07-31 |
Request smuggling on admin-official.line.me could lead to account takeover | HTTP Request Smuggling | shaolin_tw | High | 2020-05-19 |
Request smuggling on admin-official.line.me could lead to account takeover | HTTP Request Smuggling | shaolin_tw | High | 2020-05-19 |
Request smuggling on admin-official.line.me could lead to account takeover | HTTP Request Smuggling | shaolin_tw | High | 2020-05-19 |
Reflected XSS in OAUTH2 login flow | Cross-site Scripting (XSS) - Reflected | derision | Medium | 2020-04-21 |
Reflected XSS in OAUTH2 login flow | Cross-site Scripting (XSS) - Reflected | derision | Medium | 2020-04-21 |
Able to Become Admin for Any LINE Official Account | Privilege Escalation | ngalog | Critical | 2020-03-25 |
Able to Become Admin for Any LINE Official Account | Privilege Escalation | ngalog | Critical | 2020-03-25 |
SSRF on music.line.me through getXML.php | Server-Side Request Forgery (SSRF) | hahwul | High | 2020-03-25 |
DOM-based XSS on mobile.line.me | Cross-site Scripting (XSS) - DOM | zophi | High | 2020-03-25 |