Coordinated and Responsible Vulnerability Disclosure Free Bug Bounty Program 307,885 coordinated disclosures
179,529 fixed vulnerabilities
337 bug bounties with 733 websites
8,475 researchers Bug Bounty Program runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between and researchers.

Bug bounty program allow all submissions.

Bug Bounty Scope

The following websites are within the scope of the program:


Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

No general requirements

Testing Requirements:

No testing requirements

Possible Awards:

No possible awards

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

  Latest Patched
    Patched on 22.01.2019
    Patched on 22.01.2019
    Patched on 22.01.2019
    Patched on 22.01.2019
    Patched on 22.01.2019
    Patched on 22.01.2019
    Patched on 22.01.2019
    Patched on 22.01.2019
    Patched on 22.01.2019
    Patched on 22.01.2019

  Recent Recommendations

    22 January, 2019
Following Felipe's disclosure, we have now fixed the Reflected Cross-Site Scripting web vulnerability you discovered in our "" web-application. We'd like to thank Felipe for his prompt and professional disclosure.
    22 January, 2019
Armin found an XSS bug in our product and was nice and supportive to help us in dealing with the vulnerability. We were able to release an update just a few hours after discovery.

Thank you so much Armin for making the web a better place!
    22 January, 2019
Found a xss issue, quickly emailed with the affected pages and links to aid resolving. Many thanks
    21 January, 2019
Guten Tag Armin

Besten Dank für Ihre Mail und die Dokumentation der eruierten XXS-Schwachstelle. Wir sind in einem laufenden Prozess daran Schwachstellen, wie die von Ihnen Identifizierte, zu eruieren und zu beheben.
Die Sensibilisierung der Entwickler zur Verhinderung von Sicherheitslücken bedarf offenbar weiterer Schritte, für Ihr professionelles Vorgehen und den Hinweis möchten wir uns bedanken.

    21 January, 2019
Awesome recommendations to help the site have less vulnerabilities. Thank you again for your support!