Public Trello bug reports.

Team Bounty Title
Trello $128 A CRLF injection into the redirect URL of can be used to cause a denial of service when later redirected to
Trello - Unpatched ( Unviladate File Upload to XSS on trello-attachment Bucket
Trello - api flaw
Trello - XML entity expansion using svg file
Trello $256 Cross-Site Scripting on Trello's iPhone App
Trello $128 Malicious file can be hidden as Card Attachment or Card Cover image
Trello $768 Rate limiting of incorrect Two Factor Authentication codes not enforced
Trello - Phone verification code fails to expire and can be used multiple times also in different accounts to verify same cellphone number on
Trello - Email authentication token fails to expire and can be used multiple times for same Email address on
Trello - Exporting JSON of other Boards
Trello - The contact page is vulnerable to self-XSS via upload file name
Trello - SVG Uploads / Attachments can be viewed by anyone that knows the URL
Trello $2,048 Stealing power up private tokens (trello, twitter, github...)
Trello $256 Can run arbitrary script on
Trello $128 XSS on
Trello $128 Full Sub Domain Takeover at
Trello - Unvalidated/Open Redirect allowing attackers to implement phishing attack
Trello - Subdomain Take over & username enemuration
Trello $128 SSRF in account webhook (through API)
Trello - Security code not getting invalidate on requesting New
Trello $1,024 File access using image tragick
Trello - XSS and Open-Redirect via SVG
Trello - Verification Code Reused For activating 2FA
Trello - Sending Unlimited Mails To Anybody With Easy Social Share Buttons Plugin
Trello - Report bug on jetpack plugin
Trello - XSS in Jetpack plugin
Trello $128 XSS in Jetpack Plugin
Trello - Error Page Text Injection.
Trello $128 Cross site scripting in
Trello $1,536 Payments informations are sent to the webhook when a team changes its visibility
Trello $1,024 If a team is public, the web socket receives data about the Team visible boards
Trello $768 Using WebSocket I can always access organization data even if I am removed
Trello $1,152 DOM based XSS via Wistia embedding
Trello $128 CSV Injection
Trello $256 Normal User can add new users to group
Trello $128 [] CRLF Injection
Trello $64 [] Open Redirect