Public Mapbox bug reports.

Team Bounty Title
Mapbox - null pointer dereference and segfault in tile-count-merge
Mapbox $300 Node modules path disclosure due to lack of error handling
Mapbox $500 Open Aws Amazon S3 Buckets
Mapbox $750 Public access to objects in AWS S3 bucket
Mapbox $1,000 Mapbox Android SDK uses Broadcast Receiver instead of Local Broadcast Manager
Mapbox - target="_blank" Vulnerability Resulting in Critical Phishing Vector
Mapbox $750 Blind XSS in mapbox.com/contact
Mapbox $500 XSS on www.mapbox.com/authorize/ because of open redirect at /core/oauth/auth
Mapbox $500 XSS on www.mapbox.com/authorize
Mapbox $400 Denial of service in account statistics endpoint
Mapbox $1,000 Reflected cross-site scripting (XSS) on api.tiles.mapbox.com
Mapbox $1,000 XSS (cross-site scripting) on www.mapbox.com/maki
Mapbox $200 Mapbox API Access Token with No Scope Can Read Styles
Mapbox $200 Content Spoofing and Local Redirect in Mapbox Studio
Mapbox $1,000 XSS in L.mapbox.shareControl in mapbox.js
Mapbox $500 Disclosure of map information
Mapbox $1,000 Stored Cross-Site Scripting in Map Share Page
Mapbox $1,000 Persistent cross-site scripting (XSS) in map attribution
Mapbox $1,000 Stored xss in editor