Details of the collaboration between NASA and Inmarsat Government and the type of contract Details of the collaboration between NASA...
Publicly Editable Google Docs Linked from NASA SnowEx PPT Publicly Editable Google Docs Linked from NASA SnowEx PPT Researcher: Engagement:...
Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Researcher: madhu873 Engagement: National Aeronautics and Space Administration...
NASA Terminal Facility Guidelines for Unauthorized Disclosure of Personal Information (PII) NASA Terminal Facility Guidelines for Unauthorized Disclosure of Personal...
Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s Git Repository Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s...
Leak of usernames from a private website Leak of usernames from a private website Researcher: Engagement: National Aeronautics and Space...
Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability Researcher: Black_charon...
Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity Unauthenticated metadata disclosure of protected NASA flight...
Critical Identity and Communication Data Exposed in Unprotected NASA Hangar Demolition Doc Vulnerability Critical Identity and Communication Data Exposed in...
Authentication Bypass + exposure of PII + reflected XSS Authentication Bypass + exposure of PII + reflected XSS Researcher: snillx...
Cross Site Scripting Cross Site Scripting Researcher: ChrisRanaMagar Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
self cross site scripting self cross site scripting Researcher: bugcrowd_staff Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
Self Reflected XSS on target.nasa.gov via unescaped user input in field Self Reflected XSS on target.nasa.gov via unescaped user input...
Graphql API exposes all groups and goups users leaking internal stucture, full names and emails Graphql API exposes all groups...
Account Takeover via Password Reset Token and Insecure Email Change Handling Account Takeover via Password Reset Token and Insecure Email...
CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. CVE-2025-4388 Reflected XSS in marketplace-app-manager-web. Researcher: Renatto Engagement: National Aeronautics and Space Administration (NASA) -...
HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory HTTP Verb Tampering Leads to Authorization Bypass on /archive/exist/team/ Directory...
Reflected XSS on oceandata.sci.gsfc.nasa.gov Reflected XSS on oceandata.sci.gsfc.nasa.gov Researcher: FebriHp Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure...
Confidental Information of NASA found Confidental Information of NASA found Researcher: arjanchaudharyy Engagement: National Aeronautics and Space Administration (NASA) -...
RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` RXSS at `https://skyview.gsfc.nasa.gov/current/cgi/vo/sia.pl` Researcher: GxbNt Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
Sensitive NASA Equipment Inventory Disclosed via Public Endpoint on www3.nasa.gov Sensitive NASA Equipment Inventory Disclosed via Public Endpoint on www3.nasa.gov...
NASA-User Owned PDF Publicly Exposed with Full Edit Rights — Risk of Deletion and PII Disclosure NASA-User Owned PDF Publicly...
Exposed NASA/JPL Credentials and Emails via Public Pastebin Leak Exposed NASA/JPL Credentials and Emails via Public Pastebin Leak Researcher: JustAKids...
RXSS On https://www1-2-pz.sewp.nasa.gov/ RXSS On https://www1-2-pz.sewp.nasa.gov/ Researcher: asjadbutt Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
