Public Coinbase bug reports.

Team Bounty Title
Coinbase - Device confirmation Flaw
Coinbase $100 Information disclosure same issue #176002
Coinbase $100 Captcha Bypass in Coinbase SignUp Form
Coinbase - X-Frame-Options
Coinbase - Open redirect on sign in
Coinbase - CSRF bug on password change
Coinbase - Csrf bug on signup session
Coinbase $100 [buy.coinbase.com] Content Injection
Coinbase - Requestor Email Disclosure via Email Notification
Coinbase - Information disclosure in Android Application
Coinbase - Information disclosure in coinbase android app
Coinbase $100 Window.opener bug at www.coinbase.com
Coinbase $200 Authentication Issue
Coinbase $100 Information disclosure of user by email using buy widget
Coinbase $100 Information leakage on https://docs.gdax.com
Coinbase - coinbase Email leak while sending and requesting
Coinbase $300 window.opener is leaking to external domains upon redirect on Safari
Coinbase - Create Multiple Account Using Similar X-CSRF token
Coinbase - Content Injection error page
Coinbase - No authorization required in iOS device web-application
Coinbase - No authorization required in Windows phone web-application
Coinbase $100 Application error message
Coinbase - Transaction Pending Via Ip Change
Coinbase - Cookie not secure
Coinbase $100 User's legal name could be changed despite front end controls being disabled
Coinbase $1,000 Sending payments via QR code does not require confirmation
Coinbase $500 Email leak in transactions in Android app
Coinbase - Inaccurate Payment receipt
Coinbase - An adversary can overwhelm the resources by automating Forgot password/Sign Up requests
Coinbase $500 Misconfiguration in 2 factor allows sensitive data expose
Coinbase $200 XSSI (Cross Site Script Inclusion)
Coinbase $1,000 Session Issue Maybe Can lead to huge loss [CRITICAL]
Coinbase $200 Direct URL access to completed reports
Coinbase - The 'Create a New Account' action is vulnerable to CSRF
Coinbase $100 Race condition allowing user to review app multiple times
Coinbase - Potential for Double Spend via Sign Message Utility
Coinbase - XXE in OAuth2 Applications gallery profile App logo
Coinbase $200 HTML injection in apps user review
Coinbase $5,000 Stored-XSS in https://www.coinbase.com/
Coinbase $500 Transactions visible on Unconfirmed devices
Coinbase - Balance Manipulation - BUG
Coinbase $100 SPF records not found
Coinbase $100 User email enumeration using Gmail
Coinbase $100 OAUTH permission set as true= lead to authorize malicious application
Coinbase - Runtime manipulation iOS app breaking the PIN
Coinbase - Two-factor authentication (via SMS)
Coinbase $5,000 OAuth authorization page vulnerable to clickjacking
Coinbase $5,000 Big Bug with Vault which I have already reported: Case #606962
Coinbase $100 ByPassing the email Validation Email on Sign up process in mobile apps
Coinbase - iframes considered harmful
Coinbase $1,000 Sandboxed iframes don't show confirmation screen
Coinbase $100 Blacklist bypass on Callback URLs
Coinbase $100 open authentication bug
Coinbase $100 New Device Confirmation, token is valid until not used.
Coinbase $100 New Device confirmation tokens are not properly validated.
Coinbase $100 Credit Card Validation Issue
Coinbase $1,000 Invoice Details activate JS that filled in
Coinbase - 2FA settings allowed to be changed with no delay/freeze on funds
Coinbase $1,000 Leaking CSRF token over HTTP resulting in CSRF protection bypass
Coinbase - Simultaneous Session Logon : Improper Session Management
Coinbase $100 CSRF in function "Set as primary" on accounts page
Coinbase $100 CSRF on "Set as primary" option on the accounts page
Coinbase $1,000 Bypassing 2FA for BTC transfers
Coinbase $100 2 factor authentication design flaw
Coinbase $1,000 Multiple Issues related to registering applications
Coinbase $100 Coinbase Android Security Vulnerabilities
Coinbase $1,000 Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code
Coinbase - IFRAME loaded from External Domains
Coinbase - Cookie missing the HttpOnly flag
Coinbase - User Enumeration, Information Disclosure and Lack of Rate Limitation on API
Coinbase - Improper Validation of the Referrer header leading to Open URL Redirection
Coinbase - Information Disclosure That shows the webroot of CoinBase Server