Public Yelp bug reports.

Team Bounty Title
Yelp - Firefly's verify_access_token() function does a byte-by-byte comparison of HMAC values.
Yelp $100 Clickjacking Vulnerability found on Yelp
Yelp $100 Able to download arbitrary PHP files at yelpblog.com
Yelp $300 X.509 certificate validation fails on international vanity domains
Yelp $500 CSRF on signup endpoint (auto-api.yelp.com)
Yelp $500 Requesting Show CheckIn Alert for Non Friend User
Yelp $200 Bybass The Closing of the account and logged again to your account
Yelp $100 Self-XSS via location cookie city field when getting suggestions for a new location
Yelp $500 Verification of E-Mail address possible on https://biz.yelp.com/login and https://biz.yelp.com/forgot
Yelp $1,500 Access to internal CMS containing private Data
Yelp $500 Information disclosure - emails disclosed in response > staging.seatme.us