Public Yelp bug reports.

Team Bounty Title
Yelp - Firefly's verify_access_token() function does a byte-by-byte comparison of HMAC values.
Yelp $100 Clickjacking Vulnerability found on Yelp
Yelp $100 Able to download arbitrary PHP files at
Yelp $300 X.509 certificate validation fails on international vanity domains
Yelp $500 CSRF on signup endpoint (
Yelp $500 Requesting Show CheckIn Alert for Non Friend User
Yelp $200 Bybass The Closing of the account and logged again to your account
Yelp $100 Self-XSS via location cookie city field when getting suggestions for a new location
Yelp $500 Verification of E-Mail address possible on and
Yelp $1,500 Access to internal CMS containing private Data
Yelp $500 Information disclosure - emails disclosed in response >