internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) Researcher: Theekshana_kusal Engagement: National...
open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ Researcher: uko3211 Engagement: National Aeronautics and Space Administration...
Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk Publicly editable Google...
Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle...
Directory Listing Vulnerability Directory Listing Vulnerability Researcher: Vinit06 Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
Public Exposure of PII of NASA Meeting Registrations Public Exposure of PII of NASA Meeting Registrations Researcher: chirag8023 Engagement: National...
Members can enumerate and delete organization invites Members can enumerate and delete organization invites Researcher: Engagement: PostHog Vulnerability Disclosure Engagement...
Details of the collaboration between NASA and Inmarsat Government and the type of contract Details of the collaboration between NASA...
Publicly Editable Google Docs Linked from NASA SnowEx PPT Publicly Editable Google Docs Linked from NASA SnowEx PPT Researcher: Engagement:...
Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Researcher: madhu873 Engagement: National Aeronautics and Space Administration...
NASA Terminal Facility Guidelines for Unauthorized Disclosure of Personal Information (PII) NASA Terminal Facility Guidelines for Unauthorized Disclosure of Personal...
Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s Git Repository Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s...
Leak of usernames from a private website Leak of usernames from a private website Researcher: Engagement: National Aeronautics and Space...
Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability Researcher: Black_charon...
Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity Unauthenticated metadata disclosure of protected NASA flight...
Critical Identity and Communication Data Exposed in Unprotected NASA Hangar Demolition Doc Vulnerability Critical Identity and Communication Data Exposed in...
Authentication Bypass + exposure of PII + reflected XSS Authentication Bypass + exposure of PII + reflected XSS Researcher: snillx...
Cross Site Scripting Cross Site Scripting Researcher: ChrisRanaMagar Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
self cross site scripting self cross site scripting Researcher: bugcrowd_staff Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
Self Reflected XSS on target.nasa.gov via unescaped user input in field Self Reflected XSS on target.nasa.gov via unescaped user input...
Graphql API exposes all groups and goups users leaking internal stucture, full names and emails Graphql API exposes all groups...
Account Takeover via Password Reset Token and Insecure Email Change Handling Account Takeover via Password Reset Token and Insecure Email...
CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. Researcher: Renatto Engagement: National Aeronautics and Space Administration (NASA) -...
HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory...
