.wrapper { display:none; } .footer { display:none; } body { -ms-overflow-style: scrollbar; overflow-y: scroll; overscroll-behavior-y: none; } .errorContainer { background-color: #FFF; color: #0F1419; max-width: 600px; margin: 0 auto; padding: 10%; font-family: Helvetica, sans-serif; font-size: 16px; } .errorButton { margin: 3em 0; } .errorButton a { background: #1DA1F2; border-radius: 2.5em; color: white; padding: 1em 2em; text-decoration: none; } .errorButton a:hover, .errorButton a:focus { background: rgb(26, 145, 218); } .errorFooter { color: #657786; font-size: 80%; line-height: 1.5; padding: 1em 0; } .errorFooter a, .errorFooter a:visited { color: #657786; text-decoration: none; padding-right: 1em; } .errorFooter a:hover, .errorFooter a:active { text-decoration: underline; } #placeholder, #react-root { display: none !important; } body { background-color: #FFF !important; }

JavaScript is not available.

We’ve detected that JavaScript is disabled in this browser. Please enable JavaScript or switch to a supported browser to continue using openbugbounty.org.

2022 © OpenBugBounty

Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

All Open Bug Bounty emails are sent only from openbugbounty.org domain being digitally signed. All others are fake. Learn more.

For Researchers

Report a Vulnerability Report and help remediate a vulnerability found on any website	Write a Blog Post Write a blog post to share your knowledge and get kudos
Browse Bug Bounty Programs Browse active bug bounty programs run by website owners	Ask a Question Ask questions and share your improvement ideas

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

For Owners

Start a Bug Bounty Start your bug bounty program at no cost and leverage crowd-security testing	Ask a Question Ask questions or let us know how to make Open Bug Bounty even better
API Request National CERTs and law enforcement agencies may request our API

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

Hall of Fame

Top Security Researchers They make Web a safer place by reporting and helping remediate vulnerabilities	Acknowledgements Website owners share their experience of collaboration with the researchers

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

About

About the Project Read about Open Bug Bounty history, values and mission	Latest Reports Browse the most recent vulnerability submissions
Contact Us Get in touch

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

Forum
Blog

OpenBugBounty.org > Open BugBounty Programs List

Bug Bounty Programs List

The complete list of bug bounty and security vulnerability disclosure programs lauhched and operated by open bug bounty community.

Company Name	Verified domains	Reports Total/Fixed/Unfixed

Latest Patched

07.12.2022 aulavirtual.staana.edu.pe

07.12.2022 elearning.ncba.edu.ph

07.12.2022 av-tacna.staana.edu.pe

06.12.2022 mof.gov.cy

06.12.2022 gad.bulacan.gov.ph

06.12.2022 richlandcountyoh.gov

06.12.2022 spyur.am

05.12.2022 t.im

05.12.2022 mediacongo.net

05.12.2022 sitejabber.com

Latest Blog Posts

08.07.2022 by 4websecurity
CVE 2022-29455 is still affecting millions of Wordpress sites

08.07.2022 by kh4sh3i_
Zabbix - SAML SSO Authentication Bypass

08.07.2022 by FR13ND0x7F
The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

15.02.2022 by sepkatpro
Ultimate XSS Polyglot

11.11.2021 by mistry4592
The Most used Chrome Extensions are Used For Penetration Testing.

Recent Recommendations

5 December, 2022

seminardd:

Thank you for your valuable report.

5 December, 2022

FoenBox:

Thanks for the heads-up about the misconfiguration! You reported it professionally and discreetly. :)

25 November, 2022

rensi_arteaga:

Gracias por encontrar el bug y reportarlo

21 November, 2022

mailslate:

Krystian alerted me to an OWASP high risk vulnerability on my small non-profit website, which I was then able to quickly remedy. Very grateful for this!

14 November, 2022

routhinator:

Thank you for your responsible disclosure of several XSS attacks against The Den. This signalled that I had missed an update to the CMS and once patched they were resolved.

Making Web a Safer Place

Coordinated & Responsible Disclosure

Based on ISO 29147 Guidelines