Public Algolia bug reports.

| Team | Bounty | Title |
| --- | --- | --- |
| Algolia | - | Text injection on status.algolia.com |
| Algolia | - | SAUCE Access_key and User_name leaked in Travis CI build logs |
| Algolia | $200 | [GitHub Extension] Unsanitised HTML leading to XSS on GitHub.com |
| Algolia | $100 | An “algobot”-s GitHub access token was leaked |
| Algolia | $100 | Reflected XSS |
| Algolia | $100 | [github.algolia.com] DOM Based XSS github-btn.html |
| Algolia | - | Possible Sub Domain takeover at prestashop.algolia.com |
| Algolia | $100 | No rate limit for Referral Program |
| Algolia | $100 | Hyperlink Injection in Friend Invitation Emails |
| Algolia | $400 | Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed. |
| Algolia | $100 | Stored XSS from Display Settings triggered on Save and viewing realtime search demo |
| Algolia | $100 | Stored xss |
| Algolia | $100 | Stored XSS triggered by json key during UI generation |
| Algolia | - | [github.algolia.com] XSS |
| Algolia | $100 | No Rate Limit In Inviting Similar Contact Multiple Times |
| Algolia | $100 | Stored xss |
| Algolia | $100 | 2-factor authentication bypass |
| Algolia | $500 | RCE on facebooksearch.algolia.com |
| Algolia | $100 | No rate-limit in Two factor Authentication leads to bypass using bruteforce attack |
| Algolia | $1,000 | API Key added for one Indices works for all other indices too. |
| Algolia | - | PHP version disclosed on blog.algolia.com |
| Algolia | $100 | text injection can be used in phishing 404 page should not include attacker text |
| Algolia | $100 | Stored XSS in name selection |
| Algolia | $200 | User with limited access to Index configuration can rename the Index |
| Algolia | $100 | an xss issue |
| Algolia | $100 | Stored XSS on https://www.algolia.com/realtime-search-demo/* |