Public Dropbox bug reports.

Team Bounty Title
Dropbox - Missing URL sanitization in comments can be leveraged for phishing
Dropbox - SSL Key Certificate expires
Dropbox - CSV Injection with the CVS export feature
Dropbox - XSS in OAuth Redirect Url
Dropbox $1,458 Subtile Code Injection Vulnerability in Dropbox for Windows
Dropbox $729 SSRF allows access to internal services like Ganglia
Dropbox - XSS, Unvalidated redirects & phishing website hosting on dropbox servers
Dropbox - Can make any number of dropbox accounts with one email
Dropbox - Lack of account link warning enables dropbox hijacking
Dropbox - Dropbox apps Server side request forgery
Dropbox - No Rate Limiting while sending the feedback under Dropbox Help Centre
Dropbox - Possible SQL injection can cause denial of service attack
Dropbox $512 XSS in dropbox main domain
Dropbox $216 Race condition when redeeming coupon codes
Dropbox $512 SSRF vulnerablity in app webhooks
Dropbox - XSS in version history of an HTML file in a shared folder
Dropbox - Create N Accounts In Dropbox Irrespective Of Domain
Dropbox - Unvalidated Redirects and Stored XSS
Dropbox - WP User Enumeration is possible at https://blog.dropbox.com
Dropbox - [monitor.sjc.dropbox.com] CRLF Injection