Public The Internet bug reports.

Team Bounty Title
The Internet $500 Mercurial can be tricked into granting authorized users access to the Python debugger
The Internet $500 ntpd: read_mru_list() does inadequate incoming packet checks
The Internet $7,500 Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)
The Internet $1,000 libcurl duphandle read out of bounds
The Internet $3,000 libcurl: URL request injection
The Internet $7,500 FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers
The Internet $5,000 Bad Write in TTF font parsing (win32k.sys)
The Internet $3,000 Heap overflow in H. Spencer’s regex library on 32 bit systems
The Internet $3,000 Drupal 7 pre auth sql injection and remote code execution
The Internet $20,000 GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability
The Internet $3,000 open redirect in rfc6749
The Internet $3,000 rsync hash collisions may allow an attacker to corrupt or modify files
The Internet $6,000 LZ4 Core
The Internet $5,000 Multiple issues in looking-glass software (aka from web to BGP injections)
The Internet $3,000 Bypassing Same Origin Policy With JSONP APIs and Flash
The Internet $7,500 TLS Triple Handshake Attack
The Internet $500 Uncontrolled Resource Consumption with XMPP-Layer Compression
The Internet $7,500 TLS Virtual Host Confusion
The Internet $1,500 OpenSSH: Memory corruption in AES-GCM support