
Adafruit Industries Bug Bounty Program

Adafruit Industries runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Adafruit Industries.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between Adafruit Industries and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

adafruit.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

At Adafruit, we understand that security is essential in maintaining the trust you place in us to provide products and services to you. Although our team works vigilantly to help keep customer information secure, we recognize the important role that security researchers and our user community play in helping to keep our users secure. If you are a security researcher and have discovered a security vulnerability in our website or service, we ask for your help in disclosing it to us in a responsible manner.

If you discover a site vulnerability or are a customer who is concerned your account has been compromised, please notify us via [email protected]. We encourage you to encrypt sensitive information; please see below for our public PGP key. For verified vulnerabilities and bugs, we may offer certain rewards for your smarts and efforts at our discretion as a thank you (such as store credit and Adafruit gear!).


Testing Requirements:

When reaching out to us, please include:

- A detailed summary of the issue, including a list of steps for how we can reproduce it.
- Correct contact information, such as an email address, by which we can reach you in case we need more information.
- Whether and how you would like us to identify you in our "Hall of Fame".

We believe in placing our users' interests first. We believe that responsible disclosure involves privately notifying us of any security vulnerabilities, and allowing us appropriate time to diligently address the vulnerabilities before making full disclosure to the public. For our part, while we are working on addressing the vulnerability, we will advise customers of potential risk if appropriate where it does not increase the overall risk to customers. We will do our best to notify you as soon as the vulnerability has been addressed and ask that you do not disclose it publicly or share it with others until then.

We appreciate these types of research activities, but will not tolerate any actions that put our users at risk:

- Do not attempt to access, modify, destroy, or disclose our users' information.
- Do not attempt to deface or degrade our services.
- Do not violate applicable law.

The combined contributions of all security professionals in our community are essential to keeping us all secure.

Possible Awards:

Adafruit products and more.

Special Notes:

We encourage you to encrypt sensitive information you send to us as a part of your vulnerability disclosure. You can use our PGP key to send us sensitive information via [email protected]:


Other Submissions Handling

The website owner wants to receive information about other vulnerabilities.

Notifications:

[email protected]


Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
- Response Time: How quickly researchers get responses to their submissions.
- Remediation Time: How quickly reported submissions are fixed.
- Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.
