Public Algolia bug reports.

Team Bounty Title
Algolia - Text injection on
Algolia - SAUCE Access_key and User_name leaked in Travis CI build logs
Algolia $200 [GitHub Extension] Unsanitised HTML leading to XSS on
Algolia $100 An “algobot”-s GitHub access token was leaked
Algolia $100 Reflected XSS
Algolia $100 [] DOM Based XSS github-btn.html
Algolia - Possilbe Sub Domain takever at
Algolia $100 No rate limit for Referral Program
Algolia $100 Hyperlink Injection in Friend Invitation Emails
Algolia $400 Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed.
Algolia $100 Stored XSS from Display Settings triggered on Save and viewing realtime search demo
Algolia $100 Stored xss
Algolia $100 Stored XSS triggered by json key during UI generation
Algolia - [] XSS
Algolia $100 No Rate Limit In Inviting Similar Contact Multiple Times
Algolia $100 Stored xss
Algolia $100 2-factor authentication bypass
Algolia $500 RCE on
Algolia $100 No rate-limit in Two factor Authentication leads to bypass using bruteforce attack
Algolia $1,000 API Key added for one Indices works for all other indices too.
Algolia - PHP version disclosed on
Algolia $100 text injection can be used in phishing 404 page should not include attacker text
Algolia $100 Stored XSS in name selection
Algolia $200 User with limited access to Index configuration can rename the Index
Algolia $100 an xss issue
Algolia $100 Stored XSS on*