Reports in the Homebrew program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Host header Injection | $0.0 |
| 2 | [https://jenkins.brew.sh] Jenkins in Debug Mode with Stack Traces Enabled | $0.0 |
| 3 | Server version disclosure on [jenkins.brew.sh] | $0.0 |
| 4 | Stack Trace on jenkins.brew.sh | $0.0 |
| 5 | Sensitive information disclosure via response headers on jenkins.brew.sh | $0.0 |
| 6 | [bot.brew.sh] Full Path Disclosure | $0.0 |
| 7 | GitHub API Key for BrewTestBot is publicly exposed | $0.0 |
| 8 | Email enumeration of users | $0.0 |
| 9 | Homebrew installed LaunchDaemons create simple root escalations | $0.0 |
| 10 | Homebrew privilege escalation vulnerability | $0.0 |
| 11 | Broken parsing of Git diff allows an attacker to inject arbitrary Ruby scripts to Casks on official taps | $0.0 |
| 12 | Brew bootstrap process is insecure | $0.0 |
| 13 | clickjacking at brew.sh | $0.0 |
| 14 | Bypass of the installation sandbox by injecting keystrokes with TIOCSTI | $0.0 |